Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Flannel x509: certificate has expired or is not yet valid
See original GitHub issueHello
After some troubles with containerd I reinstalled microk8s 1.16.8 with sudo snap install microk8s --classic --channel=1.16/stable. First everything looked fine, but after I enabled some plugins, e.g DNS, storage etc. I realized, flannel has a problem with a certificate.
Here the journalctl output:
Apr 30 13:41:17 XPS-8930 systemd[1]: Started Service for snap application microk8s.daemon-flanneld.
Apr 30 13:41:22 XPS-8930 microk8s.daemon-flanneld[31687]: Error: x509: certificate has expired or is not yet valid
Apr 30 13:41:22 XPS-8930 microk8s.daemon-flanneld[31687]: /coreos.com/network/config is not in etcd. Probably a first time run.
Apr 30 13:41:22 XPS-8930 microk8s.daemon-flanneld[31687]: Error: client: etcd cluster is unavailable or misconfigured; error #0: x509: certificate has expired or is not yet valid
Apr 30 13:41:22 XPS-8930 microk8s.daemon-flanneld[31687]: error #0: x509: certificate has expired or is not yet valid
Apr 30 13:41:22 XPS-8930 systemd[1]: snap.microk8s.daemon-flanneld.service: Main process exited, code=exited, status=4/NOPERMISSION
Apr 30 13:41:22 XPS-8930 systemd[1]: snap.microk8s.daemon-flanneld.service: Failed with result 'exit-code'.
Apr 30 13:41:22 XPS-8930 systemd[1]: snap.microk8s.daemon-flanneld.service: Service hold-off time over, scheduling restart.
I uninstalled microk8s again and looked for directories which probably left over under /var/snap, but microk8s has been erased completely. Why is flannel complaining about the wrong certificate, and where is it located, so that I could change it?
$ microk8s.inspect [] 13:40:58
[sudo] password for tobias:
Inspecting services
Service snap.microk8s.daemon-cluster-agent is running
Service snap.microk8s.daemon-flanneld is running
Service snap.microk8s.daemon-containerd is running
Service snap.microk8s.daemon-apiserver is running
Service snap.microk8s.daemon-apiserver-kicker is running
Service snap.microk8s.daemon-proxy is running
Service snap.microk8s.daemon-kubelet is running
Service snap.microk8s.daemon-scheduler is running
Service snap.microk8s.daemon-controller-manager is running
Service snap.microk8s.daemon-etcd is running
Copy service arguments to the final report tarball
Inspecting AppArmor configuration
Gathering system information
Copy processes list to the final report tarball
Copy snap list to the final report tarball
Copy VM name (or none) to the final report tarball
Copy disk usage information to the final report tarball
Copy memory usage information to the final report tarball
Copy server uptime to the final report tarball
Copy current linux distribution to the final report tarball
Copy openSSL information to the final report tarball
Copy network configuration to the final report tarball
Inspecting kubernetes cluster
Inspect kubernetes cluster
Building the report tarball
Report tarball is at /var/snap/microk8s/1302/inspection-report-20200430_134112.tar.gz
inspection-report-20200430_134112.tar.gz
Thanks for your help!
Issue Analytics
- State:
- Created 3 years ago
- Comments:6 (1 by maintainers)
Top Results From Across the Web
Flannel x509: certificate has expired or is not yet valid #1167
Hello After some troubles with containerd I reinstalled microk8s 1.16.8 with sudo snap install microk8s --classic --channel=1.16/stable.
Read more >[SOLVED] Fix Kubernetes Flannel & CoreDNS Failure with ...
x509 : certificate is valid for <subnet_ip_1>, <node_ip>, not <subnet_ip_2> means that the certificates used by your kubernetes cluster ( ...
Read more >x509certificate - Kubernetes: expired certificate - Stack Overflow
I think you need re-generate the apiserver certificate /etc/kubernetes/pki/apiserver.crt you can view current expire date like this.
Read more >Unable to connect to the server: x509: certificate has expired ...
i have a 2 Master nodes and 3 worker nodes K8s Cluster, and i didn't upgrade for an year now. Looks like now...
Read more >Kubernetes is not manageable: certificates are expired
Kubernetes services certificates has expired. Normally the certificates are refreshed for 1 year and are meant to get updated on Kubernetes ...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
I found similar issue, upon observation to daemon-apiserver journal.log, I found this entry
Seems the certificate is generated using UTC while my server using GMT+7
Workaround: Modify /var/snap/microk8s/current/certs/csr.conf.template to
Edit: Today, I’ve encountered the ‘certificate has expired or is not yet valid’ again, seems the ca.crt is already expired. This https://github.com/ubuntu/microk8s/issues/1150 solve my problem.
Thanks for the response, #1150 worked for me too. I am closing this issue, since it is tracked in the other thread.