I work with a series of Kubernetes clusters that are restricted to public access, but still are encrypted using Let’s Encrypt certificates. Normally, when renewal is requied, this process is automatically done for you.
In the case above, I have to kick off the renewal process directly. This can be done easily with deleting the TLS secret generated for the certificate. This can be done through the UI:
Or via CLI:
kubectl delete secret tls-secret
Once this is done, the cert should automatically attempt a renewal. You can check the status of this with:
kubectl describe certificate tls-secret --namespace ingress-nginx
You should see the following: