How to replace fleet tls cert when expired?

chengye233 · September 27, 2023, 2:11am

Hi, I'm using fleet -server with tls cert. Recently, the cert will be expired and I need to replace a new one.

All elastic-stack version is 8.4

Last year, I used this command to install:

sudo elastic-agent-8.4.3-linux-x86_64/elastic-agent install --url=https://xxx:8220 \
  --fleet-server-es=https://xxx:9200 \
  --fleet-server-service-token=xxx \
  --fleet-server-policy=fleet-server-policy \
  --certificate-authorities=/opt/Elastic/certs/a_pem.crt \
  --fleet-server-cert=/opt/Elastic/certs/b.pem \
  --fleet-server-cert-key=/opt/Elastic/certs/c.key

This year, after I apply new certs and replace the old cert /opt/Elastic/certs/a_pem.crt, /opt/Elastic/certs/b.pem and /opt/Elastic/certs/c.key to the new certs.

I restart the fleet using:

systemctl restart elastic-agent.service

I check the https://xxx:8220 cert, I find the cert is still a old cert.

So my question is how to change the fleet tls cert, I need to edit the elastic-agent.yaml or change the settings in kibana? Thakns.

system · October 25, 2023, 2:12am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Changing the SSL certificate fleet server uses Elastic Agent fleet	5	1763	November 17, 2022
Configure Fleet SSL Cert Port 8220 SIEM	3	523	November 29, 2023
Certificate renewal and Fleet Elastic Agent fleet	5	431	January 5, 2024
How to change or replace the SSL Certificate used by Fleet Server Elastic Agent fleet	7	1637	November 17, 2023
Fleet server installation issue with TLS and certificates Elastic Agent fleet	0	29	October 29, 2024

How to replace fleet tls cert when expired?

Related Topics