Hello,
I haven’t touched Vault for a while, and today when I attempt to log in to Vault using the Initial Root Token, I get the following error:
/ $ vault login
Token (will be hidden):
Error authenticating: error looking up token: Get "https://127.0.0.1:8200/v1/auth/token/lookup-self":
x509: certificate has expired or is not yet valid: current time 2022-10-09T22:49:58Z is after 2022-08-17T19:34:22Z
/ $ vault token create
Error creating token: Post "https://127.0.0.1:8200/v1/auth/token/create": x509: certificate has expired or is not yet valid: current time 2022-10-09T22:51:15Z is after 2022-08-17T19:34:22Z
/ $
Could you please advise how I can produce a new initial token?
Thanks & Regards
As the error says, your TLS certificate has expired.
You will need to get a replacement certificate issued and then update the files/restart Vault.
Hello,
Thanks for your answer @stuart-c, but unfortunately it is not so simple.
The cert was renewed by cert-manager automatically, but Vault is not aware that the cert was renewed. I delete the Vault pods, k8s re-creates the pods, the secret/cert is read by Vault and it works.
Is there any way to fix that problem?
Thanks & Regards
You would need to look at the cert-manager configuration to see if it can restart pods when a certificate gets renewed. I’m sure there are some other tools which could be used to detect such changes and restart the pods too.
How can cert-manager know whether the certificate is being used by Vault or something else?
Can you please advise a sample configuration?
Thx & Regards
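One way to detect the situation described in this thread, where the certificate file has been renewed but the running Vault listener still presents the old one (an added example, not part of the original posts and not Vault or cert-manager code). It compares the SHA-256 fingerprint of the leaf certificate in the mounted file with the one served on 127.0.0.1:8200; the file path argument and the function names are assumptions.

```python
import hashlib
import re
import ssl
import sys

_PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.DOTALL)


def leaf_fingerprint(pem_text):
    """SHA-256 of the first certificate in a PEM bundle.

    A cert-manager tls.crt holds the leaf followed by its chain, so only the
    first block is compared with what the listener presents.
    """
    match = _PEM_BLOCK.search(pem_text)
    if match is None:
        raise ValueError("no PEM certificate found")
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(match.group(0))).hexdigest()


def listener_is_stale(file_pem, served_pem):
    """True when the listener presents a different leaf than the file on disk."""
    return leaf_fingerprint(file_pem) != leaf_fingerprint(served_pem)


def check(cert_path, host="127.0.0.1", port=8200):
    """Compare the mounted certificate with the one served on host:port."""
    with open(cert_path, encoding="ascii") as handle:
        file_pem = handle.read()
    # No ca_certs argument: the certificate is fetched without validation,
    # so an expired one can still be retrieved and compared.
    served_pem = ssl.get_server_certificate((host, port))
    return listener_is_stale(file_pem, served_pem)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Usage: script.py <path to mounted tls.crt>  (path is an assumption)
        sys.exit(1 if check(sys.argv[1]) else 0)
    # Constructed placeholders, not real certificates: only the PEM framing
    # matters for the fingerprint comparison.
    old = ssl.DER_cert_to_PEM_cert(b"constructed leaf, before renewal")
    new = ssl.DER_cert_to_PEM_cert(b"constructed leaf, after renewal")
    chain = ssl.DER_cert_to_PEM_cert(b"constructed issuing CA")
    print("stale listener:", listener_is_stale(new + chain, old))
    print("after restart :", listener_is_stale(new + chain, new))
```

Run with a file path, the script exits 1 when the listener is stale, so its exit status can drive an alert or whatever restart mechanism is in use.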