How to add a custom Certificate in existing AWX environment

Hi Team,

I need to add custom Certificate in existing AWX environment running on K3S.

AWX 23.5.0
K3S Version : v1.28.4+k3s2

Could you please help me for same.


To know how to help you with that, we’d have to know how you are applying your certificate today.

Are you using Traefik and a k3s secret?
Are you using traefik without TLS, but have an HTTPS Proxy (Apache, Nginx, TomCat, etc.) handling HTTPS traffic into the pod?
Something else?

Hi Dustin,

We have deployed AWX using a Self-Signed generated certificate however now we are planning to use custom certificate.

kubectl -n awx get awx,all,ingress,secrets |grep tls
secret/awx-secret-tls 2 534d
secret/awx-receptor-ca 2 404d

If you run through your instructions again. Where it tells you to generate a self signed certificate, instead use your new CA signed certificate and key. Then, when you generate the k3s secret use the new cert and key instead of the self signed.

Which part are you stuck on?

Hi Dustin,

I have already deployed AWX using self signed certificate and its running fine ,I would like to replace the certificate with other one,is it feasible.

It is possible.

Here is the kubernetes secret documentation.

Put your signed cert and private key into the same directory where you self signed cert and key is stored.

If you created your secret using kubectl create secret... command, you can update the secret with kubectl edit secret... command.

If you created your secret using kustomize/delpoy files, update your kustomize/deploy files to point to the new cert and key, and then re-apply your kustomize/deploy file with the kubectl command.