X509: certificate signed by unknown authority

After some maintenance on Kubernetes nodes, which created new certs in Kubernetes I got:

Failed to provision volume with StorageClass, rpc error: code = Internal desc = Failed to create volume: … x509: certificate signed by unknown authority (possibly because of “crypto/rsa: verification error” while trying to verify candidate authority certificate “kube-ca”)

Is there possibility to re-import, and how, new certs to Portworx, without full reinstallation?

it looks like the PX process is still referencing the old certificates. Restarting PX on the nodes should fix this.For each node,

  1. Delete oci-mon pod
  2. One the new pod comes up, confirm if oci-mon restarted the PX systemd service. If not, restart it. To restart PX service, you can use the px/service=restart label on the node