Unable to get/set auto-tidy config

I am trying to configure auto-tidy on my pki mounts, but failing:

$ vault write pki_root/config/auto-tidy enabled=true
Error writing data to pki_root/config/auto-tidy: Error making API request.

URL: PUT https://redacted:8200/v1/pki_root/config/auto-tidy
Code: 404. Errors:

* 1 error occurred:
        * unsupported path

I can’t read config either:

$ vault read pki_root/config/auto-tidy
No value found at pki_root/config/auto-tidy

I can read other config just fine, though:

$ vault read pki_root/config/urls
Key                        Value
---                        -----
crl_distribution_points    [http://redacted:8200/v1/pki_root/crl]
issuing_certificates       [http://redacted:8200/v1/pki_root/ca]
ocsp_servers               []

I thought it might be a permissions issue, so I gave myself explicit create, delete, list, read, update and sudo (just for good measure), but that didn’t help:

vault token capabilities pki_root/config/auto-tidy
create, delete, list, read, sudo, update

Using the rest API made no difference:

$ cat payload.json 
  "enabled": true,
  "safety_buffer": "24h"
$ curl --header "X-Vault-Token: $(cat ~/.vault-token)" --request POST --data @payload.json $VAULT_ADDR/v1/pki_root/config/auto-tidy
{"errors":["1 error occurred:\n\t* unsupported path\n\n"]}

It is not just my PKI root that is affected, all my intermediate CAs are affected too.

Any advice will be appreciated.

This is what I’d expect to see, if you were using a version of Vault from before the auto-tidy functionality was added.

D’oh. We upgraded our vault server to 1.13 but never actually restarted it since 1.11 due to the overhead of getting a quorum to unlock it.