Cert-validity isn't working

I asked this question on slack but no reply yet so asking here:

is there anything wrong with these ssl options, it doesn’t seem to be working, it always show 1 year certificate while accessing 9200 port

this is the operator’s ps output, i re-created elasticsearch quickstart but cert is still 1 year, anything I am doing wrong?

./elastic-operator manager --operator-roles all --log-verbosity=1 --cert-validity=15m --cert-rotate-before=5m

Thanks for bringing this up -- I could reproduce it and raised an issue here to fix it: https://github.com/elastic/cloud-on-k8s/issues/2540

In the meantime if you set the CA rotation parameters, that will also affect the certificates issued from the CA.

1 Like