I have Issues rotating the certs generated by Vault PKI engine . I have an Intermediate CA which is acting as a Issuing authority for two leaf certificates ( server and Client ) , I have generated ( client-ca.pem , client-ca-key.pem ,server-ca.pem , server-ca-key.pem and the intermediate-ca.pem) . I have added these new certificates on the server and provided the cert path in the tls stanza ( nomad-server-config.hcl) . I restarted the nomad service .
on the restart I have checked the logs and it throws several warnings as mentioned below
[WARN] nomad.rpc: failed TLS handshake : remote_addr = error=“tls :failed to verify client certificate : x509 : certificate has expired or is not valid : current time is after <2024-06-01T15:45:15z”
I see these logs being generated , I am not sure if the cluster is safeguarded using tls or not.
Any leads or help regarding this would be much appreciated , Thanks in advance.
The certificates shows to be generated in GMT and my servers run in EST
I see the same logs on all the clients as well , on the UI when using Monitor option .
Why are the new certificates nomad.rpc : failed TLS handshake ( failing to do this )?