This section describes how to renew or replace the NGINX certificates
managed by salt-minion
.
To renew or replace the NGINX certificates managed by salt-minion:
Complete the steps described in Verify the GlusterFS share salt_pki.
Log in to the Salt Master node.
Verify the certificate validity date:
openssl x509 -in /srv/salt/pki/*/proxy.crt -text -noout | grep -Ei 'after|before'
Example of system response:
Not Before: May 30 17:21:10 2018 GMT
Not After : May 30 17:21:10 2019 GMT
Remove your current certificates from the Salt Master node.
Note
The following command also removes certificates from all proxy nodes as they use the same GlusterFS share.
rm -f /srv/salt/pki/*/*.[pemcrt]*
If you replace the certificates, remove the private key:
rm -f /srv/salt/pki/*/proxy.key
Renew or replace your certificates by applying the salt.minion
state
on all proxy nodes one by one:
salt -C 'I@nginx:server:site:*:host:protocol:https' state.sls salt.minion.cert -b 1
Apply the nginx
state on all proxy nodes one by one:
salt -C 'I@nginx:server:site:*:host:protocol:https' state.sls nginx -b 1
Verify the new certificate validity date:
openssl x509 -in /srv/salt/pki/*/proxy.crt -text -noout | grep -Ei 'after|before'
Example of system response:
Not Before: May 30 17:21:10 2018 GMT
Not After : May 30 17:21:10 2019 GMT