Renew consul certificates

docs/consul.org

@@ -1,6 +1,6 @@
 #+title: Consul
 * Server setup
-** Create a server keypair
+** Create a server keypair <<create_keypair>>
 Decrypt the CA (from the agenix secrets)
 #+begin_src bash
 agenix -i ~/.ssh/id_reykjavik -d consul.d/consul-agent-ca.pem.age > ~/tmp/consul-agent-ca.pem
@@ -78,3 +78,10 @@ JSON config:
   }
 }
 #+end_src
+* Renew expired certificates
+** Find the expired certificate
+#+begin_src
+openssl x509 -in /etc/consul.d/certs/samfelag-server-consul.pem -enddate -noout
+#+end_src
+
+Follow the steps described in [[create_keypair][Create a server keypair]].