KES cert expiration question

node operator newbie here,

so, i missed the deadline for upgrading my stake pool node and relay. i did upgrade, then had to blow away the db files, and restart.

things look ok now but, i feel KES cert has expired.

i have a small script to check, but for whatever reason, it is not coming back with a value - does the expiration not show up with metrics link now?

the first “kes_remaining” variable has no value, and when i curl localhost at that port, there is nothing with kes. does that mean it has expired?

kes_remaining=$(curl -s localhost:12798/metrics | grep cardano_node_metrics_remainingKESPeriods_int | awk ‘{print $2}’) ;
slotsPerKESPeriod=$(cat $NODE_HOME/mainnet-shelley-genesis.json | jq -r ‘.slotsPerKESPeriod’) ;
echo ;
echo ● Days left: $((${kes_remaining} * ${slotsPerKESPeriod} / 86400))


the producer is 100% synced?

geez, still have a lot left to do. forgot it took this long. sorry, i will re-post if still can’t get number AFTER 100% sync’ed.


1 Like

there is absolutly no need to flush the db files and resync. just regenerate a current kes and restart the BP node, thats it.


thanks. yeah, my nodes needed to be upgraded to new binary as i missed the oct 22 deadline. i did finally do the upgrade but my node did not start properly, at least from the view of the logs. i figured my db was out of sync, hence blowing them away.

regarding cert - after it sync’s, yes, i will probably have to regen cert.


please be aware about security. never ever leave your pool cold keys on the blockproducer server. you can have them completely offline on a secure machine and you can generate a new kes keypair there. transfer it via a medium to an online machine and send it to your blockproducer node. please don’t hold your pool cold keys on an online server at all at any time!