(Legacy) Renew certificates for a runtime
This documentation is for the legacy Konnect environment at
konnect.konghq.com. For the
cloud.konghq.com environment, see the
current Konnect documentation.
Runtime certificates generated by Konnect Cloud expire every six (6)
Renew your certificates to prevent any interruption in communication between
Konnect Cloud and any configured runtimes (data planes). If a
certificate expires and is not replaced:
- The runtime stops receiving configuration updates from
the control plane.
- The runtime stops sending Vitals and usage data to the
- Each disconnected runtime uses cached configuration to continue proxying
and routing traffic.
Depending on your setup, renewing certificates might mean bringing up a new data
plane, or generating new certificates and updating data planes with the new
If you originally created your data plane container using the
quick setup Docker script,
we recommend running the script again to create a new data plane with renewed
- Stop the data plane container.
- Open Runtime Manager and click Configure New Runtime.
- Run the script again to
create a new data plane with
- Remove the old data plane container.
If your data planes are running on Linux or Kubernetes, or if you have a Docker
data plane container that was not created using the quick setup script,
generate new certificates and replace them on the existing nodes.
Generate new certificates
- Open Runtime Manager and
click Configure New Runtime.
Open the tab that suits your environment: Linux or Kubernetes.
If you’re running a Docker container, you can use either of these tabs to
complete the following steps.
- Click Generate Certificate.
Save the new certificates and key into separate files:
- Private key:
- Root CA Certificate:
- Store the files on your runtime’s local filesystem.
Update data plane