How to replace fleet tls cert when expired?

Hi, I'm using fleet -server with tls cert. Recently, the cert will be expired and I need to replace a new one.

All elastic-stack version is 8.4

Last year, I used this command to install:

sudo elastic-agent-8.4.3-linux-x86_64/elastic-agent install --url=https://xxx:8220 \
  --fleet-server-es=https://xxx:9200 \
  --fleet-server-service-token=xxx \
  --fleet-server-policy=fleet-server-policy \
  --certificate-authorities=/opt/Elastic/certs/a_pem.crt \
  --fleet-server-cert=/opt/Elastic/certs/b.pem \
  --fleet-server-cert-key=/opt/Elastic/certs/c.key 

This year, after I apply new certs and replace the old cert /opt/Elastic/certs/a_pem.crt, /opt/Elastic/certs/b.pem and /opt/Elastic/certs/c.key to the new certs.

I restart the fleet using:

systemctl restart elastic-agent.service

I check the https://xxx:8220 cert, I find the cert is still a old cert.

So my question is how to change the fleet tls cert, I need to edit the elastic-agent.yaml or change the settings in kibana? Thakns.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.