Run the command kubeadm alpha certs renew all to manually update the certificate. If this command does not work and errors out you might be running a newer Kubernetes version that no longer has any experimental “alpha” commands. This means you will need to run kubeadm certs renew all
Here are some resources on certificate rotation to ensure certificates are rotated and don’t expire:
In addition to running kubeadm certs renew all you also need to run the following to ensure the latest certificates are used by the Kubernetes control plane. If you’re running an older Kubernetes version, then you might want to run kubeadm alpha certs renew all:
mv /etc/kubernetes/manifests/kube-apiserver.yaml /tmp/ && sleep 1 && mv /tmp/kube-apiserver.yaml /etc/kubernetes/manifests/
mv /etc/kubernetes/manifests/kube-controller-manager.yaml /tmp/ && sleep 1 && mv /tmp/kube-controller-manager.yaml /etc/kubernetes/manifests/
mv /etc/kubernetes/manifests/kube-scheduler.yaml /tmp/ && sleep 1 && mv /tmp/kube-scheduler.yaml /etc/kubernetes/manifests/
Full details available here - https://kurl.sh/docs/install-with-kurl/setup-tls-certs#manual-renewal