Skip to main content

Docker Success Center

The Docker enterprise customer portal.

Docker, Inc.

How do UCP self-signed TLS certificates get renewed?

How does UCP self-signed TLS certificates get renewed? In addition to that, when can these certificates get renewed?

UCP will attempt to regenerate the self-signed certificate in use at a random time between 50-80% of the time between when the ucp-agent service task starts on a UCP node and when the certificate expires, or five minutes before the certificate expires, whichever comes first.

If you would like to replace the certificates generated by UCP, you can either replace the TLS certificates for UCP or use an external TLS certificate for UCP.