Cert-manager renewBefore notAfter timing different from Kubernetes host machine

I’m having Kubernetes version: v1.25.6+k3s1
I’m using K3s
cert-manager: 1.11.0
Host: Ubuntu 22.04

Problem that I’m having is more or less related with cert-manager and timing between nodes.

I’m creating some certificates with cert-manager and everything looks good, but it turned out it isn’t. The problem is that the certificates are not renewed so secrets will have old certificates on them resulting in application requests failing.

I investigated that. In the beginning I thought it is a problem with cert-manager [they had this problem before] but after continuing to investigate I think the problem is actually something else and that beeing the time difference between my local time [from where I’m using kubectl to deploy things] and kubernetes hosts machine time.

I think the certificates are not renewed because actually they should not based on the host machine time.

e.g.: My local time it is 3PM so I’m creating some certificates that should renewed after 1H. I’ll check the certificates and yes, they should be renewed at 4PM. But of course, they aren’t. I checked the kubernetes host machine local time and it was 2AM [so until 4PM to renew the cert it is a lot, but my certs already expired for hours]

I changed the timezone into Kubernetes host machine to be same as my local machine, but for some reasons it seems the notBefore is with 2h behind so now doesn’t make any sense anymore :frowning:

The question is: What is the best approach to deploy things on Kubernetes, using kubectl from another machine, but in this specific example, when creating certificates to not use my local time but kubernetes machine time?

Or more or less, the question is how can I solve this problem?