Upgraded an RKE 0.1.9 cluster of Kubernetes 1.11.1 and Rancher 2.0.8 to latest versions. Also also done to rotate certificates from yearly to 10 years. Cluster all upgraded OK RKE, Rancher and kubernetes all latest stable versions. Certificates claim to have rotated OK and I can see them in /etc/kubernetes/ssl with 10 year lifetimes. However, /etc/kubernetes/.tmp still contains old certificates and so do secrets in UI. Can I just copy the certs from ssl to .tmp ? Will they then get picked up automatically in UI ?