You can renew both internal and external certificates before expiration.
To renew certificates before expiration:
Log in to the master node.
Change to the following directory:
cd <k8s_HOME>
By default, k8s_HOME is /opt/kubernetes.
(Conditional) For internal certificates, run the following command to generate new certificates:
./scripts/renewCert --renew -t internal
In a multi-node deployment, executing the above command automatically distributes the new certificates to all nodes in the cluster.
(Conditional) For external certificates, run the following command to generate new certificates:
./scripts/renewCert --renew -t external