Renew or replace the NGINX certificates managed by salt-minion

Renew or replace the NGINX certificates managed by salt-minion¶

This section describes how to renew or replace the NGINX certificates managed by salt-minion.

To renew or replace the NGINX certificates managed by salt-minion:

Verify the certificate validity date:

openssl x509 -in /srv/salt/pki/*/proxy.crt -text -noout | grep -Ei 'after|before'

Example of system response:

Not Before: May 30 17:21:10 2018 GMT
Not After : May 30 17:21:10 2019 GMT

Remove your current certificates from the Salt Master node.

Note

The following command also removes certificates from all proxy nodes as they use the same GlusterFS share.
```
rm -f /srv/salt/pki/*/*.[pemcrt]*
```
If you replace the certificates, remove the private key:
```
rm -f /srv/salt/pki/*/proxy.key
```
Renew or replace your certificates by applying the salt.minion state on all proxy nodes one by one:
```
salt -C 'I@nginx:server:site:*:host:protocol:https' state.sls salt.minion.cert -b 1
```

Apply the nginx state on all proxy nodes one by one:

salt -C 'I@nginx:server:site:*:host:protocol:https' state.sls nginx -b 1

Verify the new certificate validity date:

openssl x509 -in /srv/salt/pki/*/proxy.crt -text -noout | grep -Ei 'after|before'

Example of system response:

Not Before: May 30 17:21:10 2018 GMT
Not After : May 30 17:21:10 2019 GMT

updated: 2024-01-04 11:47

Verify the GlusterFS share salt_pki

Renew the self-managed NGINX certificates