# x509: certificate has expired or is not yet valid: current time 2024-05-15T10:30:00Z is after 2024-04-01T00:00:00Z

- **ID:** `kubernetes/certificate-expired`
- **Domain:** kubernetes
- **Category:** auth_error
- **Verification level:** ai_generated
- **Fix rate:** 88%

## Root cause

The TLS certificate used by the API server, kubelet, or ingress has expired, causing client authentication to fail.

## Solution

1. Renew the API server certificate: on the control plane node, run `sudo kubeadm certs renew apiserver` (for kubeadm clusters), then restart kube-apiserver.
2. After renewing certificates, update the kubeconfig with a new token: `kubectl config set-credentials cluster-admin --token=$(kubeadm token create)`.

## Ineffective attempts

- **Restart all pods to refresh certificates** — Pods don't manage cluster certificates; the issue is at the control plane or node level, not the pod level. (90% failure rate)
- **Set the system clock back to a valid time** — A temporary fix that breaks other services; the certificates remain expired and will fail again. (95% failure rate)
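
The validity-window check behind this error, as an added example that is not part of the original entry: it uses Go's `crypto/x509`, the library that emits this error message, to verify a certificate at a chosen clock value. The certificate is constructed for the example (valid 2023-04-01 to 2024-04-01), and `constructedCert` and `checkAt` are hypothetical helper names.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// constructedCert builds a throwaway self-signed certificate for this example,
// valid 2023-04-01 to 2024-04-01 (the NotAfter quoted in the error message).
func constructedCert() (*x509.Certificate, error) {
	_, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "constructed-apiserver"},
		NotBefore:    time.Date(2023, 4, 1, 0, 0, 0, 0, time.UTC),
		NotAfter:     time.Date(2024, 4, 1, 0, 0, 0, 0, time.UTC),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// checkAt verifies cert at time now, trusting only the certificate itself.
// The bool is true when verification failed on the validity window.
func checkAt(cert *x509.Certificate, now time.Time) (bool, error) {
	roots := x509.NewCertPool()
	roots.AddCert(cert)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: now})
	var inv x509.CertificateInvalidError
	return errors.As(err, &inv) && inv.Reason == x509.Expired, err
}

func main() {
	cert, err := constructedCert()
	if err != nil {
		panic(err)
	}
	expired, err := checkAt(cert, time.Date(2024, 5, 15, 10, 30, 0, 0, time.UTC))
	fmt.Println(expired, err)
}
```

`checkAt` reports the same failure reason for a clock before `NotBefore` as for one after `NotAfter`, so a skewed clock and an expired certificate both surface as this error.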
