Renew host certificates on Data Lake and Data Hub clusters
Host certificates are valid for one year; to keep the Data Lake and Data Hub clusters running, you must renew the certificates before they expire.
During periodic cluster state synchronization, CDP uses the Cloudera Manager API to check that the HOST_AGENT_CERTIFICATE_EXPIRY apiHealthCheck alert is in a GOOD state. If the apiHealthCheck is not in a GOOD state, CDP displays a warning in the UI.
These UI warnings will display on the associated Environments, Data Lakes, or Data Hubs list and details pages. For example:
- On the Environments, Data Lakes, or Data Hubs list pages, click the three vertical dots next to the expiration message.
- Click Renew Host Certificates or Renew Data Lake
- Click Yes when you are asked if you want to renew the
certificates.Alternatively, from the "Details" page of a particular environment or the "Details" page for a Data Hub cluster, you can click the Renew Data Lake Host Certificates or Renew buttons in the warning message that appears at the top of the page.
If you prefer to renew the certificates using the CLI, use the following commands:
Data Lake certificate renewal:
cdp datalake rotate-auto-tls-certificates --datalake-name <Data Lake name>
Data Hub certificate renewal:
cdp datahub rotate-auto-tls-certificates --datahub-name <Data Hub name>
Restart the CM server:
systemctl restart cloudera-scm-server.
Restart services via the CM UI:
From the CM-UI.
, follow the link to the The Cloudera Manager UI opens.
From the Status tab, click the drop-down menu and select
From Actions menu and select
, open the
- From the CM-UI. , follow the link to the