TLS certificate are not renewed with Vault backend

Hello !

I’ve an issue with my consul deployment configure with Vault as a secret backend. In my logs, I can see for the communication between my 2 gateways instances:

grpc/logging.go:55: consul-api-gateway-server.sds-server: [core][Server #1] grpc: Server.Serve failed to create ServerTransport: connection error: desc = "ServerHandshake(\"10.42.0.175:37670\") failed: tls: failed to verify client certificate: x509: certificate has expired or is not yet valid: current time 2022-11-04T12:50:51Z is after 2022-10-27T09:40:06Z" 

So I assume something has not happened, but I have no idea how this certificate is supposed to be renewed.

In consul server, I can see:

2022-11-04T16:29:38.739Z [INFO] connect.ca.vault: Successfully renewed token for Vault provider 

So I assume it’s partially working…

Any idea on where I should watch ?