By default, the microk8s installed with self-certificate and if you’re using Let’s Encrypt, the SSL certificates issued by it are valid for 90 days or 1 year (it’s up to you). To ensure continuous security, you need to automate certificate renewal.

Cert-manager – using by default in microk8s which automatically renews the certificates before expiration, but in some cases, the renewal does not successfully. You should verify that renewal is working properly.

To check Certificate Expiry:

microk8s kubectl get certificate -A

or check a specific certificate:

microk8s kubectl describe certificate <your-certificate-name>

Maybe the cer is expried and returned error:

Cannot get All cer anymore, the internal Kubernetes API server certificate in MicroK8s has expired. Since MicroK8s uses self-signed certificates for internal communication, you need to renew them manually.

Check Current Certificate Expiry:

sudo microk8s inspect

Force Regeneration of Certificates:

sudo microk8s refresh-certs --cert server.crt
sudo microk8s refresh-certs --cert front-proxy-client.crt
sudo microk8s refresh-certs --cert ca.crt

Them reboot the server with:

reboot

Now waiting for a moment, the k8s can be connected.

Well done.
Nam Le,

devops k8s microk8s