Support Tip: "Could not issue certificates" error and cluster pods go down


Many pods are in Status Crashloopback off. By default, the CDF root CA certificate is valid for 10 years. When you set the issue certificates TTL to 10 years, the issued certificates soon have an end date that's after the root CA certificate end date. In this situation, OpenSSL returns an error when you try to issue a certificate, and most of the pods in the cluster will go down with a certificate issuance error.

Read the resolution for this issue and the full Support Tip here.


Knowledge Docs
Comment List