I have an ES Cluster(ES version 7.4.2) that has been running for 3 years.
when I run the following query.
I'm getting the output.
"expiry" : "2022-11-20T07:27:29.000Z"
My cluster is in active use and shutting it down will be a problem for me. Is there a way to extend the certificate period? Or any suggestions.
7.4 is EOL and no longer supported, please upgrade
You will need to replace the certificates with updated ones that have longer expirations. You should be able to do that with a rolling restart however.
Hi @warkolm. Thanks for answer.
For the new '
I run '
./bin/elasticsearch-certutil cert --ca /etc/elasticsearch/certs/temescls01-ca.p12' and when I enter the 'CA CERT password' it generates a new temescl01-ca.p12 certificate.
For the new '
'./bin/elasticsearch-certutil cert /etc/elasticsearch/certs/temescls01-certificates.p12' and enter the 'keystore password'.
I'm using the old certificates' passwords for both new certificates.
I was able to create all 2 certificates. But when I stop the elasticsearch service and replace the old certificates with new certificates by following the document here, the node cannot join the cluster. When I replace the old certificate, the node joins the cluster without any problems.
An example from elasticsearch.yml
Is there something i did wrong?
You will need to share logs please.
I solved the problem by following the steps in this article. In addition, I had to restart the service on a single node. I think it's because my ES version is 7.4.2.