X509: certificate signed by unknown authority

Vic_ESupp · April 10, 2022, 9:00pm

After some maintenance on Kubernetes nodes, which created new certs in Kubernetes I got:

Failed to provision volume with StorageClass, rpc error: code = Internal desc = Failed to create volume: … x509: certificate signed by unknown authority (possibly because of “crypto/rsa: verification error” while trying to verify candidate authority certificate “kube-ca”)

Is there possibility to re-import, and how, new certs to Portworx, without full reinstallation?

sensre · May 21, 2022, 9:57pm

it looks like the PX process is still referencing the old certificates. Restarting PX on the nodes should fix this.For each node,

Delete oci-mon pod
One the new pod comes up, confirm if oci-mon restarted the PX systemd service. If not, restart it. To restart PX service, you can use the px/service=restart label on the node

Topic		Replies	Views
Portworx on rke etcd issue Portworx on Kubernetes	6	1399	April 1, 2021
Portworx Daemonset failed to start Portworx on Kubernetes	1	751	June 12, 2019
Mount CA Certificate Portworx on Kubernetes	1	560	August 17, 2021
Unable to register cluster: Put "https://pxessentials.portworx.com/osb/billing/v1/register": x509: certificate signed by unknown authority Portworx Essentials	2	1139	May 10, 2022
Portworx install - Adding CA certs (due to SSL Inspection) Portworx Install	2	993	March 3, 2021

X509: certificate signed by unknown authority

Related topics