Consul connect ca issue

I face a super strange issue about

2024-03-14T09:14:00.143702+00:00 ip-172-25-18-14 consul[2581957]: 2024-03-14T09:14:00.143Z [ERROR] agent.auto_config: AutoEncrypt.Sign RPC failed: addr=172.25.13.11:8300 error="rpcinsecure: error making call: error generating certificate: x509: provided PrivateKey doesn't match parent's PublicKey"

and

if I want to reset

consul connect ca set-config -config-file payload.json

Error setting CA configuration: Unexpected response code: 500 (Error updating secondary datacenter CA config: Failed to set the intermediate certificate with the CA provider: could not verify intermediate cert against root: x509: certificate has expired or is not yet valid: current time 2024-03-14T09:09:44Z is before 2024-03-14T09:10:50Z)

Looks like the intermediate expired, but I can't renew it. How do I fix it?

I suggest focusing on the first problem, as you likely provided a wrong private key when you tried to generate a new cert.

The key is auto_encrypt, generated by Consul itself.