I work with a series of Kubernetes clusters that are restricted from public access but still use Let’s Encrypt certificates for TLS. Normally, when renewal is required, it happens automatically.
In the case above, I have to kick off the renewal process directly. This is easily done by deleting the TLS secret generated for the certificate.
First, make sure port 80 is open so that the Let’s Encrypt servers can connect.
This can be done through the UI:
Or via CLI:
Once this is done, the cert should automatically attempt a renewal. You can check the status of this with:
kubectl describe certificate tls-secret --namespace ingress-nginx
You should see the following:
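The renewal steps above as a single script, added here as an example and not code from the original post. It assumes cert-manager manages the Certificate and that the Secret is also named `tls-secret` (the post names only the Certificate), and it confirms reissue by waiting for `notAfter` to change, since the Ready condition alone can still reflect the old state right after the delete.

```sh
#!/bin/sh
# Added example, not from the original post. Assumes cert-manager manages the
# Certificate and that the Secret is also named tls-secret (assumption).
NS="${NS:-ingress-nginx}"
CERT="${CERT:-tls-secret}"
SECRET="${SECRET:-tls-secret}"

# Print one field of the Certificate, selected by a kubectl JSONPath expression.
cert_field() {
    kubectl get certificate "$CERT" -n "$NS" -o jsonpath="$1"
}

# force_renew [timeout_seconds] [poll_interval_seconds]
force_renew() {
    timeout="${1:-300}"; interval="${2:-5}"
    old=$(cert_field '{.status.notAfter}') || return 1

    # Keep the old key pair until the new one is confirmed. The file holds a
    # private key; mktemp creates it with mode 0600.
    backup=$(mktemp) || return 1
    kubectl get secret "$SECRET" -n "$NS" -o yaml > "$backup" || return 1
    kubectl delete secret "$SECRET" -n "$NS" || return 1

    waited=0
    while [ "$waited" -lt "$timeout" ]; do
        ready=$(cert_field '{.status.conditions[?(@.type=="Ready")].status}')
        new=$(cert_field '{.status.notAfter}')
        # Ready alone is not enough: require a changed expiry as well.
        if [ "$ready" = "True" ] && [ -n "$new" ] && [ "$new" != "$old" ]; then
            rm -f "$backup"
            echo "renewed: notAfter $old -> $new"
            return 0
        fi
        sleep "$interval"
        waited=$((waited + interval))
    done
    echo "not renewed after ${timeout}s; old secret kept at $backup" >&2
    return 1
}
```

Call `force_renew` once port 80 has been opened; if it times out, the `kubectl describe certificate` command above is the place to look for the reason.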