Etcd certificates expired

The etcd certificates of my KubeOne cluster expired. The etcd log is full of messages like

2020-07-17 12:35:42.721891 I | embed: rejected connection from “10.166.149.217:50264” (error “remote error: tls: bad certificate”, ServerName “”)

How can I renew the certificates?

Because KubeOne under the hood uses kubeadm this documentation should provide most of the PKI oriented operations knowledge.

To be more specific, when you run kubeone upgrade certificates will be renewed automatically by kubeadm, but up to 1.17 version of kubeadm there was a bug which prevented this, and we have to be explicit to review certs. Probably this is the case why your certificates got expired. We’ve pushed a fix to this issue.