When will my cluster certificates expire?

Table of Contents


I have a cluster which is displaying the message "This cluster has certs that are expiring or have expired". Is there any way to determine when the certs will expire?


Kubernetes clusters provisioned via the RKE, or Rancher launched Kubernetes clusters


Dates on when particular certificates will expire are located in the Rancher API.

To view them, from the "Clusters" page, click the three-dot menu on your cluster and "View in API" Scroll down or search for the section called "certificatesExpiration" There you can see the expiration date for each kubernetes component

FYI, as of Rancher 2.3.5, there is a known issue that old, removed nodes still appear in this list. This is cosmetic and won't affect your running cluster: https://github.com/rancher/rancher/issues/24333

Further Reading

  • https://support.rancher.com/hc/en-us/articles/360038509831-Rancher-Operational-Advisory-Take-Action-Manual-Rotation-of-Certificates-in-Rancher-Kubernetes-Clusters
  • https://rancher.com/blog/2019/kubernetes-certificate-expiry-and-rotation-in-rancher-kubernetes-clusters
Was this article helpful?
0 out of 0 found this helpful



Please sign in to leave a comment.