From 2e4a6dc4d7412b6ff5253735c3c71252648f40bf Mon Sep 17 00:00:00 2001 From: Joanna Jeremicz Date: Fri, 13 Aug 2021 09:55:48 +0200 Subject: [PATCH] Describe manual actions for certificate update Issue-ID: OOM-2752 Signed-off-by: Joanna Jeremicz Change-Id: I4898e2b36aed2954be54f9a85f77287894a0483f --- docs/sections/release-notes.rst | 3 ++- docs/sections/troubleshooting.rst | 15 ++++++++++++++- 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/docs/sections/release-notes.rst b/docs/sections/release-notes.rst index ecd0ea6c..094d10bf 100644 --- a/docs/sections/release-notes.rst +++ b/docs/sections/release-notes.rst @@ -61,7 +61,8 @@ New features **Known Issues** -None +If Cert-Manager was down for some time and did not trigger certificate update on time, then updating an outdated certificate may require manual actions. +The required actions are described in :ref:`Troubleshooting section ` Deliverables ------------ diff --git a/docs/sections/troubleshooting.rst b/docs/sections/troubleshooting.rst index 192a9d6a..87989cb7 100644 --- a/docs/sections/troubleshooting.rst +++ b/docs/sections/troubleshooting.rst @@ -1,9 +1,22 @@ .. This work is licensed under a Creative Commons Attribution 4.0 International License. .. http://creativecommons.org/licenses/by/4.0 -.. Copyright 2020 NOKIA +.. Copyright 2020-2021 NOKIA +.. _troubleshooting: Troubleshooting ================ +Update an outdated certificate after Cert-Manager was down +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +When a certificate expires because Cert-Manager was not able to trigger the update on time, for some CMPv2 servers, e.g. +EJBCA, there are manual actions required to perform the update. +Given the expired certificate status is *READY=False*: + + 1. Edit the cert resource. It can be e.g. a small change in SANs. + 2. Use the cert-manager plugin *renew* command to trigger the update manually. + 3. Edit the cert again to revert the changes. + 4. Trigger the update manually. + +The certificate should now be alive and updated correctly. -- 2.16.6