Regenerating SSL Certificates
The SSL certificates you generated in the Beginner's Guide will last you 90 days, but then you will need to regenerate them. Why do they expire every 90 days? We don’t know and we had to google that question. Here’s the answer: To limit damage from key compromise and to encourage all of us to implement automation.
What does SSL stand for? Secure sockets layer.
How do I know how long my SSL certificates will last?
You can check when your SSL certificates expire by going to your Hubs URL and viewing the certificate in your browser.
Firefox:
Open your Hubs instance in your browser (this can be the home page, the admin panel, Spoke, a room, etc.), select the lock icon beside the URL bar, select “Connection secure”, select “More information”, then select the Security tab in the window that pops up, and finally select the View Certificate button.
Look for the section with your domain. That will tell you when the certificate was issued and when it will expire. In this example, the SSL Certificate expires on January 21, 2025.
Chrome:
Open your Hubs instance in your browser (this can be the home page, the admin panel, Spoke, a room, etc.), then select the lock icon beside the URL bar, select "Connection is secure", and select "Certificate is valid". There should be a section in the dialog that pops up that will tell you when the certificate was issued and when it will expire.
How do I regenerate my certificates?
You can regenerate your SSL certificates with the following steps. This is very similar to what you did in the Beginner’s Guide, Steps 13 and 15.
Open VS Code. You will probably arrive in the HUBS-CLOUD-MASTER Folder, community-edition directory, hcce.yaml file. If you are not there, open it.
Select hcce.yaml.
Select Control + F on your keyboard and search for this text: default-ssl-certificate
Remove (delete) the # (number sign) from the beginning of the line to re-enable it.
Select File, Save. This will keep all of the changes you just made.
Make sure the terminal is in the community-edition directory. If not, copy and paste this into the terminal and hit enter:
cd community-edition
Apply the changes to Kubernetes on DO. Copy and paste the following text into the terminal and hit enter on your keyboard.
kubectl apply -f hcce.yaml
Note: If you receive the error message error: the path "hcce.yaml" does not exist, you are running the command from the wrong directory.
If running correctly, it will take a few seconds. Ongoing results look like this:
Final result looks like this:
Copy and paste the following text into the terminal and hit enter on your keyboard and wait for it to complete.
npm run gen-ssl
Note: you will see in the output of the previous command that the AGE parameter doesn't reset. This is fine.
In VS Code, select hcce.yaml.
Select Control + F on your keyboard and search for this text: default-ssl-certificate
Insert a # (number sign) at the beginning of the line to disable it again.
Select File, Save. This will keep all of the changes you just made.
To apply the changes to Kubernetes on DO, copy and paste the following text into the terminal and hit enter on your keyboard.
kubectl apply -f hcce.yaml
You are done! If you’d like to check that the certificates have all been renewed, follow the instructions under “How do I know how long my SSL certificates will last?” again.
Can I regenerate my certificates before they expire?
Yes. If you are within 45 days of your certificates expiring, you can regenerate them.
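A command-line version of the browser check described under “How do I know how long my SSL certificates will last?”, combined with the 45-day rule above. This is an added example, not part of the original guide or the Hubs project; the function names and the hostname hubs.example.com are placeholders.

```python
import socket
import ssl
import sys
from datetime import datetime, timezone

RENEW_WINDOW_DAYS = 45  # from this page: regeneration is possible within 45 days of expiry


def days_left(not_after, now):
    """Whole days from `now` until a certificate's notAfter string (negative if past)."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)
    return (expires - now).days


def classify(not_after, now):
    """Return 'expired', 'regenerate' (inside the 45-day window) or 'ok'."""
    remaining = days_left(not_after, now)
    if remaining < 0:
        return "expired"
    if remaining <= RENEW_WINDOW_DAYS:
        return "regenerate"
    return "ok"


def fetch_not_after(host, port=443, timeout=10):
    """Read notAfter from the certificate the server presents.

    Verification stays on, so an already-expired or mismatched certificate
    raises ssl.SSLCertVerificationError instead of returning a date.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]


def check(host, now=None):
    """Return (host, status, detail) for one hostname."""
    now = now or datetime.now(timezone.utc)
    try:
        not_after = fetch_not_after(host)
    except ssl.SSLCertVerificationError as exc:
        return host, "verify-failed", str(exc)
    return host, classify(not_after, now), not_after


if __name__ == "__main__":
    for name in sys.argv[1:]:  # e.g. python check_cert.py hubs.example.com
        print(*check(name))
```

Pass every hostname your instance serves as an argument; a status of regenerate means the certificate is inside the 45-day window and the steps above can be run.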