Renew Certificates for a Data Plane Node
Data plane certificates generated by Kong Konnect expire every ten years. If you bring your own certificates, make sure to review the expiration date and associated metadata.
Renew your certificates to prevent any interruption in communication between
Kong Konnect and any configured data plane nodes. The following happens if a certificate expires and isn’t replaced:
- The data plane node stops receiving configuration updates from
the control plane.
- The data plane node stops sending analytics and usage data
to the control plane.
- Each disconnected data plane node uses cached configuration to continue
proxying and routing traffic.
Depending on your setup, renewing certificates might mean bringing up a new data
plane, or generating new certificates and updating data plane nodes with the new
If you originally created your data plane node container using one of the
Docker options in Gateway Manager, we recommend creating a new data plane node with renewed
- Stop the data plane node container.
- Open Gateway Manager, select a control plane, open Data Plane Nodes from the side menu, and click New Data Plane Node.
- Run the script to create a new data plane node with
- Remove the old data plane node container.
If your data plane nodes are running on Linux or Kubernetes, or if you have a
Docker container that was not created using the quick setup script, you must
generate new certificates and replace them on the existing nodes.
Generate new data plane certificate
Update data plane