We recently discovered a bug in the Let's Encrypt certificate authority code,
described here:

https://community.letsencrypt.org/t/2020-02-29-caa-rechecking-bug/114591

Unfortunately, this means we need to revoke the certificates that were affected
by this bug, which includes one or more of your certificates. To avoid
disruption, you'll need to renew and replace your affected certificate(s) by
Wednesday, March 4, 2020. We sincerely apologize for the issue.

If you're not able to renew your certificate by March 4, the date we are
required to revoke these certificates, visitors to your site will see security
warnings until you do renew the certificate. Your ACME client documentation
should explain how to renew.

If you are using Certbot, the command to renew is:

certbot renew --force-renewal

If you need help, please visit our community support forum:
https://community.letsencrypt.org/t/revoking-certain-certificates-on-march-4/114864

Please search thoroughly for a solution before you post a new question. Let's
Encrypt staff will help our community try to answer unresolved questions as
quickly as possible.

Your affected certificate(s), listed by serial number and domain names:

Set to renew all certs - ignore namespaces

kubectl get certs --no-headers=true | awk '{print $1}' | xargs -n 1 kubectl patch certificate --patch '
- op: replace
  path: /spec/renewBefore
  value: 1440h
' --type=json

Remove forced renew param

kubectl get certs --no-headers=true | awk '{print $1}' | xargs -n 1 kubectl patch certificate --patch '
- op: remove
  path: /spec/renewBefore
' --type=json

If you are using namespaces, add --namespace name

Force renew only one cert by name exploit-cz and namespace ghost and config file kube_config_cluster.yml

kubectl patch certificate exploit-cz --kubeconfig kube_config_cluster.yml --namespace=ghost --patch '
- op: replace
  path: /spec/renewBefore
  value: 1440h
' --type=json

After renew

kubectl patch certificate exploit-cz --kubeconfig kube_config_cluster.yml --namespace=ghost --patch '
- op: remove
  path: /spec/renewBefore
' --type=json

Get cert-manager name

kubectl get pods --kubeconfig kube_config_cluster.yml --namespace=cert-manager

Get cert-manager logs by cert-manager-55c9d48cd-mskkb name

kubectl logs cert-manager-55c9d48cd-mskkb --kubeconfig kube_config_cluster.yml --namespace=cert-manager