This is an error that you might see once every 10 years, so it's very likely you'll forget the solution.
The behavior is the following: When trying to do anything that interacts with API server you'll get the following error:
boris@ubuntu:~$ microk8s kubectl get all --all-namespaces Unable to connect to the server: x509: certificate has expired or is not yet valid: current time 2020-05-03T23:53:06Z is after 2020-05-03T16:38:01Z
Easy, just renew your certificates. But first, it's a good idea to check expiration time of current installed certificates:
boris@ubuntu:~$ sudo microk8s.refresh-certs -c The CA certificate will expire in 0 days.
Ok, we're a but out-of-date, let's renew them:
boris@ubuntu:~$ sudo microk8s.refresh-certs -i Backing up certificates under /var/snap/microk8s/1385/var/log/ca-backup/ Creating new certificates Signature ok subject=/C=GB/ST=Canonical/L=Canonical/O=Canonical/OU=Canonical/CN=127.0.0.1 Getting CA Private Key Signature ok subject=/CN=front-proxy-client Getting CA Private Key 1 Creating new kubeconfig file Stopped. Started. The CA certificates have been replaced. Kubernetes will restart the pods of your workloads. Any worker nodes you may have in your cluster need to be removed and re-joined to become aware of the new CA.