diff --git a/docs/how-to-guides/new-user-guides/manage-clusters/rotate-certificates.md b/docs/how-to-guides/new-user-guides/manage-clusters/rotate-certificates.md index 6f1010ff99c..259fcecbcf6 100644 --- a/docs/how-to-guides/new-user-guides/manage-clusters/rotate-certificates.md +++ b/docs/how-to-guides/new-user-guides/manage-clusters/rotate-certificates.md @@ -16,20 +16,6 @@ By default, Kubernetes clusters require certificates and Rancher launched Kubern Certificates can be rotated for the following services: - - - -- etcd -- kubelet (node certificate) -- kubelet (serving certificate, if [enabled](https://rancher.com/docs/rke/latest/en/config-options/services/#kubelet-options)) -- kube-apiserver -- kube-proxy -- kube-scheduler -- kube-controller-manager - - - - - admin - api-server - controller-manager @@ -42,9 +28,6 @@ Certificates can be rotated for the following services: - kubelet - kube-proxy - - - :::note For users who didn't rotate their webhook certificates, and they have expired after one year, please see this [page](../../../troubleshooting/other-troubleshooting-tips/expired-webhook-certificate-rotation.md) for help. 
@@ -68,15 +51,4 @@ Rancher launched Kubernetes clusters have the ability to rotate the auto-generat ### Additional Notes - - - -Even though the RKE CLI can use custom certificates for the Kubernetes cluster components, Rancher currently doesn't allow the ability to upload these in Rancher launched Kubernetes clusters. - - - - -In RKE2, both etcd and control plane nodes are treated as the same `server` concept. As such, when rotating certificates of services specific to either of these components will result in certificates being rotated on both. The certificates will only change for the specified service, but you will see nodes for both components go into an updating state. You may also see worker only nodes go into an updating state. This is to restart the workers after a certificate change to ensure they get the latest client certs. - - - +In RKE2/K3s, both etcd and control plane nodes are treated as the same `server` concept. As such, when rotating certificates of services specific to either of these components will result in certificates being rotated on both. The certificates will only change for the specified service, but you will see nodes for both components go into an updating state. You may also see worker only nodes go into an updating state. This is to restart the workers after a certificate change to ensure they get the latest client certs. diff --git a/i18n/zh/docusaurus-plugin-content-docs/current/how-to-guides/new-user-guides/manage-clusters/rotate-certificates.md b/i18n/zh/docusaurus-plugin-content-docs/current/how-to-guides/new-user-guides/manage-clusters/rotate-certificates.md index be1431337b7..e231727abbd 100644 --- a/i18n/zh/docusaurus-plugin-content-docs/current/how-to-guides/new-user-guides/manage-clusters/rotate-certificates.md +++ b/i18n/zh/docusaurus-plugin-content-docs/current/how-to-guides/new-user-guides/manage-clusters/rotate-certificates.md 
@@ -12,20 +12,6 @@ title: 证书轮换 可以为以下服务轮换证书: - - - -- etcd -- kubelet(节点证书) -- kubelet(服务证书,如果[启用](https://rancher.com/docs/rke/latest/en/config-options/services/#kubelet-options)) -- kube-apiserver -- kube-proxy -- kube-scheduler -- kube-controller-manager - - - - - admin - api-server - controller-manager @@ -38,9 +24,6 @@ title: 证书轮换 - kubelet - kube-proxy - - - :::note 如果你未轮换 webhook 证书,且证书用了一年后已经过期,请参阅此[页面](../../../troubleshooting/other-troubleshooting-tips/expired-webhook-certificate-rotation.md)。 @@ -64,15 +47,4 @@ Rancher 启动的 Kubernetes 集群能够通过 UI 轮换自动生成的证书 ## 补充说明 - - - -虽然 RKE CLI 可以为 Kubernetes 集群组件使用自定义证书,但 Rancher 目前不允许在 Rancher 启动的 Kubernetes 集群中上传这些证书。 - - - - -在 RKE2 中,etcd 和 controlplane 节点都被视为相同的 `server`。因此,如果你轮换其中一个组件的服务证书,则两者的证书都会被轮换。证书只会针对指定的服务更改,但你会看到两个组件的节点都进入更新状态。你可能还会看到仅 Worker 节点进入更新状态。这是在证书更改后重启 Worker,以确保他们获得最新的客户端证书。 - - - +在 RKE2/K3s 中,etcd 和 controlplane 节点都被视为相同的 `server`。因此,如果你轮换其中一个组件的服务证书,则两者的证书都会被轮换。证书只会针对指定的服务更改,但你会看到两个组件的节点都进入更新状态。你可能还会看到仅 Worker 节点进入更新状态。这是在证书更改后重启 Worker,以确保他们获得最新的客户端证书。 diff --git a/i18n/zh/docusaurus-plugin-content-docs/version-2.12/how-to-guides/new-user-guides/manage-clusters/rotate-certificates.md b/i18n/zh/docusaurus-plugin-content-docs/version-2.12/how-to-guides/new-user-guides/manage-clusters/rotate-certificates.md index be1431337b7..e231727abbd 100644 --- a/i18n/zh/docusaurus-plugin-content-docs/version-2.12/how-to-guides/new-user-guides/manage-clusters/rotate-certificates.md +++ b/i18n/zh/docusaurus-plugin-content-docs/version-2.12/how-to-guides/new-user-guides/manage-clusters/rotate-certificates.md @@ -12,20 +12,6 @@ title: 证书轮换 可以为以下服务轮换证书: - - - -- etcd -- kubelet(节点证书) -- kubelet(服务证书,如果[启用](https://rancher.com/docs/rke/latest/en/config-options/services/#kubelet-options)) -- kube-apiserver -- kube-proxy -- kube-scheduler -- kube-controller-manager - - - - - admin - api-server - controller-manager 
@@ -38,9 +24,6 @@ title: 证书轮换 - kubelet - kube-proxy - - - :::note 如果你未轮换 webhook 证书,且证书用了一年后已经过期,请参阅此[页面](../../../troubleshooting/other-troubleshooting-tips/expired-webhook-certificate-rotation.md)。 @@ -64,15 +47,4 @@ Rancher 启动的 Kubernetes 集群能够通过 UI 轮换自动生成的证书 ## 补充说明 - - - -虽然 RKE CLI 可以为 Kubernetes 集群组件使用自定义证书,但 Rancher 目前不允许在 Rancher 启动的 Kubernetes 集群中上传这些证书。 - - - - -在 RKE2 中,etcd 和 controlplane 节点都被视为相同的 `server`。因此,如果你轮换其中一个组件的服务证书,则两者的证书都会被轮换。证书只会针对指定的服务更改,但你会看到两个组件的节点都进入更新状态。你可能还会看到仅 Worker 节点进入更新状态。这是在证书更改后重启 Worker,以确保他们获得最新的客户端证书。 - - - +在 RKE2/K3s 中,etcd 和 controlplane 节点都被视为相同的 `server`。因此,如果你轮换其中一个组件的服务证书,则两者的证书都会被轮换。证书只会针对指定的服务更改,但你会看到两个组件的节点都进入更新状态。你可能还会看到仅 Worker 节点进入更新状态。这是在证书更改后重启 Worker,以确保他们获得最新的客户端证书。 diff --git a/versioned_docs/version-2.12/how-to-guides/new-user-guides/manage-clusters/rotate-certificates.md b/versioned_docs/version-2.12/how-to-guides/new-user-guides/manage-clusters/rotate-certificates.md index 6f1010ff99c..259fcecbcf6 100644 --- a/versioned_docs/version-2.12/how-to-guides/new-user-guides/manage-clusters/rotate-certificates.md +++ b/versioned_docs/version-2.12/how-to-guides/new-user-guides/manage-clusters/rotate-certificates.md @@ -16,20 +16,6 @@ By default, Kubernetes clusters require certificates and Rancher launched Kubern Certificates can be rotated for the following services: - - - -- etcd -- kubelet (node certificate) -- kubelet (serving certificate, if [enabled](https://rancher.com/docs/rke/latest/en/config-options/services/#kubelet-options)) -- kube-apiserver -- kube-proxy -- kube-scheduler -- kube-controller-manager - - - - - admin - api-server - controller-manager @@ -42,9 +28,6 @@ Certificates can be rotated for the following services: - kubelet - kube-proxy - - - :::note For users who didn't rotate their webhook certificates, and they have expired after one year, please see this [page](../../../troubleshooting/other-troubleshooting-tips/expired-webhook-certificate-rotation.md) for help. 
@@ -68,15 +51,4 @@ Rancher launched Kubernetes clusters have the ability to rotate the auto-generat ### Additional Notes - - - -Even though the RKE CLI can use custom certificates for the Kubernetes cluster components, Rancher currently doesn't allow the ability to upload these in Rancher launched Kubernetes clusters. - - - - -In RKE2, both etcd and control plane nodes are treated as the same `server` concept. As such, when rotating certificates of services specific to either of these components will result in certificates being rotated on both. The certificates will only change for the specified service, but you will see nodes for both components go into an updating state. You may also see worker only nodes go into an updating state. This is to restart the workers after a certificate change to ensure they get the latest client certs. - - - +In RKE2/K3s, both etcd and control plane nodes are treated as the same `server` concept. As such, when rotating certificates of services specific to either of these components will result in certificates being rotated on both. The certificates will only change for the specified service, but you will see nodes for both components go into an updating state. You may also see worker only nodes go into an updating state. This is to restart the workers after a certificate change to ensure they get the latest client certs.
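Review bot: In the `@@ -16,20 +16,6 @@` hunk of `docs/.../rotate-certificates.md` and `versioned_docs/version-2.12/.../rotate-certificates.md`, the removed list distinguished "kubelet (node certificate)" from "kubelet (serving certificate, if enabled)", while the list that remains shows a single `- kubelet` entry. After this change a reader cannot tell whether rotating `kubelet` also covers the kubelet serving certificate. Consider stating next to the surviving entry which kubelet certificates are rotated. The same applies to the matching hunks in the two `i18n/zh` files.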
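Review bot: In the `@@ -68,15 +51,4 @@` hunk of the two English files, the added line carries over the sentence "As such, when rotating certificates of services specific to either of these components will result in certificates being rotated on both", which has no subject and reads as contradicting the next sentence ("The certificates will only change for the specified service"). Since the line is being rewritten anyway to say RKE2/K3s, reword it so that it is clear that "both" refers to the etcd and control plane nodes and that only the specified service's certificates change. The same hunk also drops the statement that Rancher does not allow uploading custom certificates for Rancher launched Kubernetes clusters. If that limitation still holds for RKE2/K3s, keep it without the RKE CLI reference, because the page otherwise no longer says anything about custom certificates.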
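Review bot: In the `@@ -64,15 +47,4 @@` hunk of both `i18n/zh` files, the added line keeps "以确保他们获得最新的客户端证书", where 他们 refers to Worker nodes; 它们 is the correct pronoun here and can be fixed in the same edit that changes "RKE2" to "RKE2/K3s". The context of this hunk also shows the heading as `## 补充说明` while the English files use `### Additional Notes`, so the heading level differs between the translations and the source. Aligning it would keep the generated table of contents consistent across locales.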