Getting `:8888/api/v1/cfssl/info\": x509: certificate has expired or is not yet valid` but certificates are valid a year from now

I refreshed the certificates in the /etc/kubernetes/pki directory. I manually checked each certificate. They are all valid until January 2025.

Yet, when any client tries to connect to the Kubernetes API Server, it always ends up in :8888/api/v1/cfssl/info\": x509: certificate has expired or is not yet valid, when it’s obviously not true.

I tried to find a duplicate pki directory, where some old certificates might be still in use, instead. Nothing found. There is only the /etc/kubernetes/pki directory. I’m not sure, if there is even a possibility to change this default directory.

The certificates are proven to be not expired and be valid until 2025. How do I make the server realise that?

you can check the used certs with openssl

openssl s_client -showcerts -connect foobar:8888