Lots of errors about http: TLS handshake error from <ip>:<port>: remote error: tls: bad certificate

2/17/2021

I'm getting lots of errors on one of my K8s worker nodes saying "http: TLS handshake error from some_ip:port: remote error: tls: bad certificate", but I'm not having any problems using any of my K8s containers. The problem is being logged in /var/log/syslog seems to be specific to one particular K8s node.

I assume I need to update a certificate, but I'm not sure if it's something in /etc/kubernetes/pki or /var/lib/kubelet/pki.

I assume it's related to the cni0 interface, since that's the subnet that matches the <ip>.

Does anybody know what it means, or better yet, how to fix it?

Thanks in advance!

-- Kendall Chenoweth
kubelet
kubernetes
ssl

1 Answer

6/14/2021

This is more likely coming from the cert-manager. You can find this from cert-manager-webhook-<hash> pod, usually in cert-manager namespace.

-- CedricYao
Source: StackOverflow