From 5cb294ac67be9071ced9375930f646fac893bcbd Mon Sep 17 00:00:00 2001
From: Mike Bayer <mbayer@redhat.com>
Date: Mon, 3 Nov 2025 14:00:15 -0500
Subject: [PATCH] update CA expiration time

In 1bb23182b8330e50cb the galera certs were regenerated
with a three year expiry, but this did not include the CA
expiration time, leading to failures again.   this change
updates that time as well and adds a script that can be used
to regen the values.
---
 config/samples/cert-manager-galera-cert.yaml  |  3 +-
 tests/chainsaw/common/regenerate-tls-certs.sh | 75 +++++++++++++++++++
 tests/chainsaw/common/tls-certificate.yaml    | 15 +++-
 .../02-tls-certificate.yaml                   | 43 ++---------
 .../galera_deploy_tls/01-tls-certificate.yaml | 43 ++---------
 5 files changed, 103 insertions(+), 76 deletions(-)
 create mode 100755 tests/chainsaw/common/regenerate-tls-certs.sh

diff --git a/config/samples/cert-manager-galera-cert.yaml b/config/samples/cert-manager-galera-cert.yaml
index 0982b9a9..deaa4728 100644
--- a/config/samples/cert-manager-galera-cert.yaml
+++ b/config/samples/cert-manager-galera-cert.yaml
@@ -16,6 +16,7 @@ spec:
   isCA: true
   commonName: my-selfsigned-ca
   secretName: root-secret
+  duration: 32088h
   privateKey:
     algorithm: ECDSA
     size: 256
@@ -47,7 +48,7 @@ spec:
   secretTemplate:
     labels:
        mariadb-ref: openstack
-  duration: 6h
+  duration: 32088h
   renewBefore: 1h
   subject:
     organizations:
diff --git a/tests/chainsaw/common/regenerate-tls-certs.sh b/tests/chainsaw/common/regenerate-tls-certs.sh
new file mode 100755
index 00000000..481280c8
--- /dev/null
+++ b/tests/chainsaw/common/regenerate-tls-certs.sh
@@ -0,0 +1,75 @@
+#!/bin/bash
+set -e
+
+echo "This script will regenerate the TLS certificates in tls-certificate.yaml"
+echo "Prerequisites:"
+echo "  - oc configured with an OpenShift cluster"
+echo "  - cert-manager installed in the cluster"
+echo "  - openstack namespace/project exists"
+echo ""
+
+# Extract the commented cert-manager resources
+TEMP_FILE=$(mktemp)
+sed -n '5,69s/^# //p' tls-certificate.yaml > "$TEMP_FILE"
+
+echo "Extracted cert-manager resources to $TEMP_FILE"
+echo ""
+echo "Deleting any existing secrets..."
+oc delete secret root-secret galera-cert -n openstack --ignore-not-found=true
+
+echo ""
+echo "Applying cert-manager resources..."
+
+# Apply the resources
+oc apply -f "$TEMP_FILE"
+
+echo "Waiting for certificates to be ready..."
+echo "  - Waiting for root-secret (CA certificate)..."
+oc wait --for=condition=ready certificate/selfsigned-ca -n openstack --timeout=60s
+
+echo "  - Waiting for galera-cert certificate..."
+oc wait --for=condition=ready certificate/galera-cert -n openstack --timeout=60s
+
+echo ""
+echo "Certificates are ready! Extracting secret data..."
+
+# Get the secret data
+CA_CRT=$(oc get secret root-secret -n openstack -o jsonpath='{.data.ca\.crt}')
+TLS_CRT=$(oc get secret galera-cert -n openstack -o jsonpath='{.data.tls\.crt}')
+TLS_KEY=$(oc get secret galera-cert -n openstack -o jsonpath='{.data.tls\.key}')
+
+echo ""
+echo "Certificate validity periods:"
+echo "  CA Certificate:"
+echo "$CA_CRT" | base64 -d | openssl x509 -noout -dates | sed 's/^/    /'
+echo ""
+echo "  Galera Certificate:"
+echo "$TLS_CRT" | base64 -d | openssl x509 -noout -dates | sed 's/^/    /'
+echo ""
+
+echo ""
+echo "Creating new hardcoded secret..."
+echo "---"
+cat <<EOF
+apiVersion: v1
+kind: Secret
+metadata:
+  name: galera-cert
+data:
+  tls-ca-bundle.pem: $CA_CRT
+  tls.crt: $TLS_CRT
+  tls.key: $TLS_KEY # notsecret
+EOF
+
+echo ""
+echo "---"
+echo ""
+echo "To update tls-certificate.yaml:"
+echo "1. Copy the secret output above"
+echo "2. Replace the existing Secret resource (lines 71-78) in tls-certificate.yaml"
+echo ""
+echo "Cleaning up cert-manager resources..."
+oc delete -f "$TEMP_FILE" --ignore-not-found=true
+
+rm "$TEMP_FILE"
+echo "Done!"
diff --git a/tests/chainsaw/common/tls-certificate.yaml b/tests/chainsaw/common/tls-certificate.yaml
index 9313f80c..33173ae4 100644
--- a/tests/chainsaw/common/tls-certificate.yaml
+++ b/tests/chainsaw/common/tls-certificate.yaml
@@ -18,6 +18,7 @@
 #   isCA: true
 #   commonName: selfsigned-ca
 #   secretName: root-secret
+#   duration: 32088h
 #   privateKey:
 #     algorithm: ECDSA
 #     size: 256
@@ -68,11 +69,19 @@
 #     group: cert-manager.io
 #     kind: Issuer
 # ---
+#
+# STEPS TO RECREATE, WHEN CERT EXPIRES (errors in pod logs):
+#
+# Run the script: tests/chainsaw/common/regenerate-tls-certs.sh
+# This will extract the commented cert-manager resources above, apply them,
+# wait for cert-manager to generate the certificates, then print the new
+# Secret YAML. Copy the secret data below.
+#
 apiVersion: v1
 kind: Secret
 metadata:
   name: galera-cert
 data:
-  tls-ca-bundle.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJjRENDQVJhZ0F3SUJBZ0lRWm5GbEtqTU9SV1FhZ1VWcjVBV1BvVEFLQmdncWhrak9QUVFEQWpBWU1SWXcKRkFZRFZRUURFdzF6Wld4bWMybG5ibVZrTFdOaE1CNFhEVEkxTURjeU1URXpNRGN5TlZvWERUSTFNVEF4T1RFegpNRGN5TlZvd0dERVdNQlFHQTFVRUF4TU5jMlZzWm5OcFoyNWxaQzFqWVRCWk1CTUdCeXFHU000OUFnRUdDQ3FHClNNNDlBd0VIQTBJQUJBb0VNbG9ybmxkUENiSk51cjBLQW5HcERaU3VWWlhEdWpPNW15ckROS203bFh2RmJ3a2gKc0FXQjFpVDRqZ0o5UXgvVTcxYUxVN1A1bmZWQmVxcXAzazJqUWpCQU1BNEdBMVVkRHdFQi93UUVBd0lDcERBUApCZ05WSFJNQkFmOEVCVEFEQVFIL01CMEdBMVVkRGdRV0JCUmFWWkhMcHM4Rjluc3lXMVZTTWNPNERCaC80akFLCkJnZ3Foa2pPUFFRREFnTklBREJGQWlFQXZRMzdqbS9PSHROUjNlMU9NcUhNZUZ0Zzc3UE1SMm52ZG5pZnpubkgKYThRQ0lDZ3FIMWU1UkZWenBQME14WU1RZ0VkMzQyRGMvZ1p4STdQTzRwb2pFdTFvCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
-  tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURaVENDQXd1Z0F3SUJBZ0lSQU9EL21FQVo3VmNIMENabnBXV01nNm93Q2dZSUtvWkl6ajBFQXdJd0dERVcKTUJRR0ExVUVBeE1OYzJWc1puTnBaMjVsWkMxallUQWVGdzB5TlRBM01qRXhNek0wTkRsYUZ3MHlPVEF6TVRreApNek0wTkRsYU1ETXhGakFVQmdOVkJBb1REV05zZFhOMFpYSXViRzlqWVd3eEdUQVhCZ05WQkFNVEVHOXdaVzV6CmRHRmpheTFuWVd4bGNtRXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEQ253akEKcU92SG9EZVlvR3k3Y0RybXcxMXA4N2RYRCtYV2dWYy8zaTlQby83OTVQUnMzeEhnUllJUUdBOUZsYW1PNXNNWQpBZjA2a05RWjRaTWVEN0REWEIzcXUxZzI1UTBqRWpGNzBWVGNvMXZDQUNTN05GK3dwZGQwM0NudEduNFlidnpjClZ3T0FrVjVsZ29URFgxTGVQaWI1ZTgvdzE1MmRkbHlhU3lGallGUGJrQVJ3TDIwOWpIZnRGQm1CMHoxdnZvd2oKV05ORkhQeFVlRXluL3NaSnJWVkh3QVU0ZlpzdVBvVEpldjRtU3orTUR6QVh2by9SZWtweUdwbi9lUUY5aXhTUwphQTUyTUlyY245d0ZmTVYyQVV0V2RZMFU1KytLTXBPdXpScVBDdjFHbnkwWm1WVlFkdmF1N1Yzc3cwVktaSlJ4Cmcwc0w2R2N4akhzbXBveFhBZ01CQUFHamdnRk9NSUlCU2pBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUkKS3dZQkJRVUhBd0l3REFZRFZSMFRBUUgvQkFJd0FEQWZCZ05WSFNNRUdEQVdnQlJhVlpITHBzOEY5bnN5VzFWUwpNY080REJoLzRqQ0IrUVlEVlIwUkJJSHhNSUh1Z2hkdmNHVnVjM1JoWTJzdWIzQmxibk4wWVdOckxuTjJZNElsCmIzQmxibk4wWVdOckxtOXdaVzV6ZEdGamF5NXpkbU11WTJ4MWMzUmxjaTVzYjJOaGJJSVNLaTV2Y0dWdWMzUmgKWTJzdFoyRnNaWEpoZ2h3cUxtOXdaVzV6ZEdGamF5MW5ZV3hsY21FdWIzQmxibk4wWVdOcmdpQXFMbTl3Wlc1egpkR0ZqYXkxbllXeGxjbUV1YjNCbGJuTjBZV05yTG5OMlk0SW9LaTV2Y0dWdWMzUmhZMnN0WjJGc1pYSmhMbTl3ClpXNXpkR0ZqYXk1emRtTXVZMngxYzNSbGNvSXVLaTV2Y0dWdWMzUmhZMnN0WjJGc1pYSmhMbTl3Wlc1emRHRmoKYXk1emRtTXVZMngxYzNSbGNpNXNiMk5oYkRBS0JnZ3Foa2pPUFFRREFnTklBREJGQWlBQXUvZFdKa1I2ZXlZYQpoSFZXNUR3NHF5WDhneE41Znd5NjhpNi8zTGRoTWdJaEFOV29rSzBvSlVxZ24zTFRKV0FBSVJEWVdFUmhVUWZ3ClY3QXFidE5BcmRtZgotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
-  tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRRENud2pBcU92SG9EZVkKb0d5N2NEcm13MTFwODdkWEQrWFdnVmMvM2k5UG8vNzk1UFJzM3hIZ1JZSVFHQTlGbGFtTzVzTVlBZjA2a05RWgo0Wk1lRDdERFhCM3F1MWcyNVEwakVqRjcwVlRjbzF2Q0FDUzdORit3cGRkMDNDbnRHbjRZYnZ6Y1Z3T0FrVjVsCmdvVERYMUxlUGliNWU4L3cxNTJkZGx5YVN5RmpZRlBia0FSd0wyMDlqSGZ0RkJtQjB6MXZ2b3dqV05ORkhQeFUKZUV5bi9zWkpyVlZId0FVNGZac3VQb1RKZXY0bVN6K01EekFYdm8vUmVrcHlHcG4vZVFGOWl4U1NhQTUyTUlyYwpuOXdGZk1WMkFVdFdkWTBVNSsrS01wT3V6UnFQQ3YxR255MFptVlZRZHZhdTdWM3N3MFZLWkpSeGcwc0w2R2N4CmpIc21wb3hYQWdNQkFBRUNnZ0VBZUJoYzlVNEhtTHJVTTltaTN4TkZOWXNPeE1mQXRmZTRjMktDN1lWMG1tZHYKZlVyZ1RhSmxUSWgzMXVpUjIvV2JtUFBySlpCc3E4d2RKZzlka2lwS2dITUNmd3UyUnNHWEZySXVXT0oyeEdRRgp4alFDZG9hK0dhcHN4czdwREVmUjBkQUROeEIydDhwOGZwVkl5YXF6M3pKcEtJQnZjNFlKMjlYakZNOFJ2bGpwCmRhZW1sWUdic3NRZEFNQVN2cUVzWlRqNU9mSWVsV0pvdEszUTFvcTFXNEMxelVZKzhra05sZEJQWTRYdDNCNlEKWVk1QS9ZSE9sUThMREcwQUpIMXhYZUNic0lyMG9OdDdNQ3kvUTRBVE1IL0loekRMZ3JsY0R6ck5BYVppdkl1Ywo1eDI0SDlQSVpmbThxcG1HYW1zVVpxSCtwQXhNdXMvTTVnME5YNkF1MlFLQmdRRHhUVVJMbGpNekpiZExtRUdhClBSSzByRE1MWXhWeEpqZjZudXJYUXZRRmk5TmFpZzAvNzgzNDJBU3poOHBTWVVMKzdqalpGdnRzWG9kOFF4aG4KMU11c1g4czFvRUprckxubkEyZEdETFJIdUMwWUpLUGJ5WFZXbHhFSVFNYjNheUJ1dWlkYTFLZDl6OEpzSWc0LwpGcDEwbWo2Z1lGb1E5dU5mcTcwREdscXUwd0tCZ1FET2VkclhHK0dybjM4aWFhcktlc3NwbVd2ZjFtM3VmV2swCnlYN3FNTzJpYzBHQWRFRkRJMFpJQVcxUmx3blBnTjJvMnZoc3NSa05MNy9UMmo4cjJKYnNxTTRzYnRyQUhXTi8KUi9TdmF1MW5rMmtNWUwvT0pwNkxDM3YydjlJSmhicDUzcCs0R21URDdNbFFHZkJtM2txam9Ba040eitYeVpraAoveDkwYkVDaDdRS0JnUUMzeDN0dWZqVDhqWXN1dmdXbzdUN2o4QXJvYjB5VFl1SmJ0TkZ6cFlDcEFMZTJTMUtRCkVabzBIb0ptSWRQTUxsdVNRZWwySGZUYnNwdEozdWdsbklLTEJHS0dzMG9kMXhlM2hIWVJlZmVNY0ErWVJiK3UKMDU3VWxqWFlyVTFjZjNDeUpJRjR3bUhXaG5lelY3UzJCQWxrRjEzL1U2TUZMS1E3NTFjTGwvVGRGUUtCZ0dheQptMVBFN1hFa3F1S2Q5akl4ODEwa2oxQk5ZbTV0K0djbUZiYzhVT1l0TjVaQnZMZzlFbGI4UnJoL1RJVG1UdG9PCjErT1FEcXJOWmpka1pXbFVtSFRyM1dpaVZyR1pySVNCY01YVGhIT3hFVjN6dlZNM1NFSldtdmozSGV4WWxKREwKVjF3RjNMckt5ckxKeEJZV1dMK2IrUVRzVkJRV1ZORmhDTzhxYk5kZEFvR0FGTEpiRnNHRThjVWdEWEtjcW55RQpPTHdmd3JSMmsrVngxcTc2a1laQVU4eHlmS093NFNxK1JSNmFqMDQvU0xhR0ozY2RwR244VGFCZGNYRjR2alJMCjIrQ1RBdndxVkszbTI5dzZrUDlIeG9CcGJUdnlIRGFvSnNqMDkxQUpaazh2RVl6Wm1NNms5RjJ3clN6ZGVXY2UKMnRzMk5LS0pUekdBTWpKNEZDeWxsNzA9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K # notsecret
+  tls-ca-bundle.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJjVENDQVJhZ0F3SUJBZ0lRSVhmRWFGaHhnNWRxT0YyNjlrRGlaREFLQmdncWhrak9QUVFEQWpBWU1SWXcKRkFZRFZRUURFdzF6Wld4bWMybG5ibVZrTFdOaE1CNFhEVEkxTVRFd016RTROVE15TVZvWERUSTVNRGN3TWpFNApOVE15TVZvd0dERVdNQlFHQTFVRUF4TU5jMlZzWm5OcFoyNWxaQzFqWVRCWk1CTUdCeXFHU000OUFnRUdDQ3FHClNNNDlBd0VIQTBJQUJGTzg0QlRSYTFoU0ZzZVFIUk4xVzhiRE1RMHRXUC9LQjF3emZtc2kzaWRLUDBPc3dSRFgKcXdYbzkzR1FFc2VuamhQbmpZdEl2L2xZY3A5WnI2Wm5pME9qUWpCQU1BNEdBMVVkRHdFQi93UUVBd0lDcERBUApCZ05WSFJNQkFmOEVCVEFEQVFIL01CMEdBMVVkRGdRV0JCU2ZSLy9yL1BGeUUxNytkSHIzdnk5SlNJeHFEREFLCkJnZ3Foa2pPUFFRREFnTkpBREJHQWlFQW5URjNSZzczcXpQbSs4MDZzS0dWdGdxUDVad2RiZlg0REZ1ai8vc0EKQ2VjQ0lRQ1dzd2ZvRWFwem1ydGFWL0doY0ZRcWFsN0VsYklSTjJTZjd4V1gxUGUrWXc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
+  tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURaRENDQXd1Z0F3SUJBZ0lSQU9NM3NmMXNzOUFyenk2aEZWaldOYnN3Q2dZSUtvWkl6ajBFQXdJd0dERVcKTUJRR0ExVUVBeE1OYzJWc1puTnBaMjVsWkMxallUQWVGdzB5TlRFeE1ETXhPRFV6TWpKYUZ3MHlPVEEzTURJeApPRFV6TWpKYU1ETXhGakFVQmdOVkJBb1REV05zZFhOMFpYSXViRzlqWVd3eEdUQVhCZ05WQkFNVEVHOXdaVzV6CmRHRmpheTFuWVd4bGNtRXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFDaUtvREkKYmEzUkc2bCtjOWNqa25zSVpJNWpJQjd3SXJGdlQ3dUNzdWlLYVoxU0FBUG5tUXBTVmdsdDEzdjRZYjZCZ1o1aAorR1Z2WFRNWTB5SnFheExUZWdrRWxDcDFOWUppR1duaDVqc0V2ZkM0UWNicHNWTncrMEpyeUVCaHdrUU92ZkI2ClhtWXJRcmNBSkFoMTFZaFYxN2JjWEpFMFZxN3VZSldmZi92VTBzNUFoSzBsbkJOK2x2TFRiRmEzSW5xQmgvQkUKNWRrMUkxNDc1Qmk1OVdDdEEvN0JOdXNFZitVc254VDQxNytRL1MyYkNFMnRhSzduUSs4bXhDYVd2aFJmYTQybgord3E4azd1YVAzSEVEVEpJUHZNbEc1a1dVRjVObHMxWDg5cWNwcHhPMmVNby85SlZ3Q0lYMkV1eG1UVnV3UjlBCmJXS1A1SWM2cUo1dUp3SUJBZ01CQUFHamdnRk9NSUlCU2pBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUkKS3dZQkJRVUhBd0l3REFZRFZSMFRBUUgvQkFJd0FEQWZCZ05WSFNNRUdEQVdnQlNmUi8vci9QRnlFMTcrZEhyMwp2eTlKU0l4cUREQ0IrUVlEVlIwUkJJSHhNSUh1Z2hkdmNHVnVjM1JoWTJzdWIzQmxibk4wWVdOckxuTjJZNElsCmIzQmxibk4wWVdOckxtOXdaVzV6ZEdGamF5NXpkbU11WTJ4MWMzUmxjaTVzYjJOaGJJSVNLaTV2Y0dWdWMzUmgKWTJzdFoyRnNaWEpoZ2h3cUxtOXdaVzV6ZEdGamF5MW5ZV3hsY21FdWIzQmxibk4wWVdOcmdpQXFMbTl3Wlc1egpkR0ZqYXkxbllXeGxjbUV1YjNCbGJuTjBZV05yTG5OMlk0SW9LaTV2Y0dWdWMzUmhZMnN0WjJGc1pYSmhMbTl3ClpXNXpkR0ZqYXk1emRtTXVZMngxYzNSbGNvSXVLaTV2Y0dWdWMzUmhZMnN0WjJGc1pYSmhMbTl3Wlc1emRHRmoKYXk1emRtTXVZMngxYzNSbGNpNXNiMk5oYkRBS0JnZ3Foa2pPUFFRREFnTkhBREJFQWlCeEgrU21VcTlzd3J3egp1VlhZdlp3Qlh5M0xIOWNodXVpektsSmlPbzVHaXdJZ0paYkVtQTZ3NzJEek1KTXpGVy9sWUtQVVJTR1pmbjZkCk41Wk9FdVVzWmx3PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
+  tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQ2lLb0RJYmEzUkc2bCsKYzljamtuc0laSTVqSUI3d0lyRnZUN3VDc3VpS2FaMVNBQVBubVFwU1ZnbHQxM3Y0WWI2QmdaNWgrR1Z2WFRNWQoweUpxYXhMVGVna0VsQ3AxTllKaUdXbmg1anNFdmZDNFFjYnBzVk53KzBKcnlFQmh3a1FPdmZCNlhtWXJRcmNBCkpBaDExWWhWMTdiY1hKRTBWcTd1WUpXZmYvdlUwczVBaEswbG5CTitsdkxUYkZhM0lucUJoL0JFNWRrMUkxNDcKNUJpNTlXQ3RBLzdCTnVzRWYrVXNueFQ0MTcrUS9TMmJDRTJ0YUs3blErOG14Q2FXdmhSZmE0Mm4rd3E4azd1YQpQM0hFRFRKSVB2TWxHNWtXVUY1TmxzMVg4OXFjcHB4TzJlTW8vOUpWd0NJWDJFdXhtVFZ1d1I5QWJXS1A1SWM2CnFKNXVKd0lCQWdNQkFBRUNnZ0VBRThaVkQvRWluMURkT1UzM21uU0pTNUVLTlVJOGVPZEhkY2htUXQ0b01kWUcKZzNKUnNqM2M5QVN6MVB0NjR1TkxHaVhCTjR4L3YyQnJ2bHpqWWRDNWFmcFpVU3FlM0NOd25uVWZqcGJHOUV3VAowajdnZWxkNlVsa0JWTkt3THlaRHF2eUp4T2VhcVM4b2U2YnBOVEtiRThTMThyeUMrYnZtOXdDUXlQTmxYODA4Cm5Yd0VrNmJ2U0EwUEY0eGd5V0M1SmZoYUJvUkZZR1ovUnpUaTQrRmR2M0k0c0JnOW5DQzU2NzIvbE1YMmVGenAKcFM5Q1A5TkMrT2d0MjZMbFJoNkxCNkNieDVTekdVVTRKemx3SEFQRjl3dzZOR0ZqVS81cldmdlpYT05jUTZlNwpsYTFjWU83eThRVFdmamNHTTlsWXFpQ2hseWpsZWZBSW5FWGdzMkRWUlFLQmdRRFVDRG8yU2NmQk4yQ3pCV0pZCjBaVnRZY2JCaTNaTE1kekM0cWorTExKRnQ3Z0JvOC9GUUJsN1NLVHV2VzFCc1ZFY0pMVzUrYTB3VU5iVC9xckoKakwwU3R6b0gwNU9UK3lUTll5UjBXVnRFZG9PRmxQUi8yZDJSOXZETGpLRVhJZWlQTW1Pd1FpZWFzUFlRM29qdgpQa3I3Q2hCcFpFdXFxRkUyWmVwL0JXSjg2d0tCZ1FERHl4OUt3bU9oVU16akRIMHh4RHNLSjU1cWNGTjhlczZaClNWdkEyRERPQjkzU1dkSDB6RGRTc2E5RzYrUkpFb0hzTndjWHFvczNUQnFiT0tXWkJBZTlTQnJjdFhTTE5GdmUKSnY2OGlPS0k4UFZoQWdYbVpjcE5ZMVBHNUs1bFAxcEZNRC9ZMjNEZS9LOXVZQTNHaEZjbUlnL2orK1NwN0FoNQo2NFlzQXZMUnd3S0JnQTJKV080T1Y4cG1GcTVYTWFncCtUZzZmYzN0Y1dmcmp3U0NJL2ZXTXF0d3h6YVRscmdwCkYzZGZjK2dwLzhlcDRsdkJuRGg3VUNzOWZmbWEwSng5ZDdTeUxlcEIvN0g2M3FhZUpiMm4xc1BRTFNWaUZSbjAKZHNqUzB4eXJwYjBzVlFTUFd2M3R1MG1NOHFpeERGejV4Uit4ek1wdHRNYjRaL2JwR3NkeE9KQnhBb0dCQUtPegpraTlFaGw2Ykd5Ti9EckhzZXR5THNaVVc0NGJCZXptSXIxRjJzSitpemlHUS9jMnFiVnNUdXhRV0tPRzd1cXRRCmV2cWJtaGlhNWVnQUhkenBGTHQ2clJMNkdENUhnY1FsWUhrc0RoUW5PMUpuaVoxUVlDd0NMMHF0YXU2MllIaFcKMWhzdnBwaWFOdWVYSWcxb0d5R0QrenRJSWJDODYzMWNvZXJzY0M5WEFvR0FIL1ppclJSRlJmOWNWSWdRU3lMYQowSWNBWFNCUUdQaDNZcTlsd1JQSFlnRVl5dW9VeDJYSXg1amNRNlEyTFpoSitmT1VmOC9FYVMzVnNPYml1QXJ6CnpFTW5ZRVliRWY4ZW9wVzVKY3ppT0I3bW50ZjBkN3c4N1pkdlBPTHJySGU5Q1V0citEYjhwT0RIREJaM0lva1IKQncwVlM5bXUreEVxbUIwVmxUeW9raDg9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K # notsecret
diff --git a/tests/kuttl/tests/galera_cluster_restart/02-tls-certificate.yaml b/tests/kuttl/tests/galera_cluster_restart/02-tls-certificate.yaml
index ff86a204..cbb9218d 100644
--- a/tests/kuttl/tests/galera_cluster_restart/02-tls-certificate.yaml
+++ b/tests/kuttl/tests/galera_cluster_restart/02-tls-certificate.yaml
@@ -1,45 +1,16 @@
 # hardcode the secret generated by the certificate CR below,
 # to avoid kuttl from depending on cert-manager at runtime
 # the ca.crt key has been renamed to tls-ca-bundle.pem
-# ---
-# apiVersion: cert-manager.io/v1
-# kind: Certificate
-# metadata:
-#   name: kuttl-galera-cert
-# spec:
-#   secretName: kuttl-galera-tls
-#   duration: 12720h
-#   renewBefore: 1h
-#   subject:
-#     organizations:
-#       - cluster.local
-#   commonName: openstack-galera
-#   isCA: false
-#   privateKey:
-#     algorithm: RSA
-#     encoding: PKCS8
-#     size: 2048
-#   usages:
-#     - server auth
-#     - client auth
-#   dnsNames:
-#     - "openstack.openstack.svc"
-#     - "openstack.openstack.svc.cluster.local"
-#     - "*.openstack-galera"
-#     - "*.openstack-galera.openstack"
-#     - "*.openstack-galera.openstack.svc"
-#     - "*.openstack-galera.openstack.svc.cluster"
-#     - "*.openstack-galera.openstack.svc.cluster.local"
-#   issuerRef:
-#     name: kuttl-ca-issuer
-#     group: cert-manager.io
-#     kind: Issuer
+#
+# To regenerate certificates when they expire:
+# Run tests/chainsaw/common/regenerate-tls-certs.sh and copy the
+# generated secret data below. Rename secret name to kuttl-galera-tls.
 # ---
 apiVersion: v1
 kind: Secret
 metadata:
   name: kuttl-galera-tls
 data:
-  tls-ca-bundle.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJjRENDQVJhZ0F3SUJBZ0lRWm5GbEtqTU9SV1FhZ1VWcjVBV1BvVEFLQmdncWhrak9QUVFEQWpBWU1SWXcKRkFZRFZRUURFdzF6Wld4bWMybG5ibVZrTFdOaE1CNFhEVEkxTURjeU1URXpNRGN5TlZvWERUSTFNVEF4T1RFegpNRGN5TlZvd0dERVdNQlFHQTFVRUF4TU5jMlZzWm5OcFoyNWxaQzFqWVRCWk1CTUdCeXFHU000OUFnRUdDQ3FHClNNNDlBd0VIQTBJQUJBb0VNbG9ybmxkUENiSk51cjBLQW5HcERaU3VWWlhEdWpPNW15ckROS203bFh2RmJ3a2gKc0FXQjFpVDRqZ0o5UXgvVTcxYUxVN1A1bmZWQmVxcXAzazJqUWpCQU1BNEdBMVVkRHdFQi93UUVBd0lDcERBUApCZ05WSFJNQkFmOEVCVEFEQVFIL01CMEdBMVVkRGdRV0JCUmFWWkhMcHM4Rjluc3lXMVZTTWNPNERCaC80akFLCkJnZ3Foa2pPUFFRREFnTklBREJGQWlFQXZRMzdqbS9PSHROUjNlMU9NcUhNZUZ0Zzc3UE1SMm52ZG5pZnpubkgKYThRQ0lDZ3FIMWU1UkZWenBQME14WU1RZ0VkMzQyRGMvZ1p4STdQTzRwb2pFdTFvCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
-  tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURaVENDQXd1Z0F3SUJBZ0lSQU9EL21FQVo3VmNIMENabnBXV01nNm93Q2dZSUtvWkl6ajBFQXdJd0dERVcKTUJRR0ExVUVBeE1OYzJWc1puTnBaMjVsWkMxallUQWVGdzB5TlRBM01qRXhNek0wTkRsYUZ3MHlPVEF6TVRreApNek0wTkRsYU1ETXhGakFVQmdOVkJBb1REV05zZFhOMFpYSXViRzlqWVd3eEdUQVhCZ05WQkFNVEVHOXdaVzV6CmRHRmpheTFuWVd4bGNtRXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEQ253akEKcU92SG9EZVlvR3k3Y0RybXcxMXA4N2RYRCtYV2dWYy8zaTlQby83OTVQUnMzeEhnUllJUUdBOUZsYW1PNXNNWQpBZjA2a05RWjRaTWVEN0REWEIzcXUxZzI1UTBqRWpGNzBWVGNvMXZDQUNTN05GK3dwZGQwM0NudEduNFlidnpjClZ3T0FrVjVsZ29URFgxTGVQaWI1ZTgvdzE1MmRkbHlhU3lGallGUGJrQVJ3TDIwOWpIZnRGQm1CMHoxdnZvd2oKV05ORkhQeFVlRXluL3NaSnJWVkh3QVU0ZlpzdVBvVEpldjRtU3orTUR6QVh2by9SZWtweUdwbi9lUUY5aXhTUwphQTUyTUlyY245d0ZmTVYyQVV0V2RZMFU1KytLTXBPdXpScVBDdjFHbnkwWm1WVlFkdmF1N1Yzc3cwVktaSlJ4Cmcwc0w2R2N4akhzbXBveFhBZ01CQUFHamdnRk9NSUlCU2pBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUkKS3dZQkJRVUhBd0l3REFZRFZSMFRBUUgvQkFJd0FEQWZCZ05WSFNNRUdEQVdnQlJhVlpITHBzOEY5bnN5VzFWUwpNY080REJoLzRqQ0IrUVlEVlIwUkJJSHhNSUh1Z2hkdmNHVnVjM1JoWTJzdWIzQmxibk4wWVdOckxuTjJZNElsCmIzQmxibk4wWVdOckxtOXdaVzV6ZEdGamF5NXpkbU11WTJ4MWMzUmxjaTVzYjJOaGJJSVNLaTV2Y0dWdWMzUmgKWTJzdFoyRnNaWEpoZ2h3cUxtOXdaVzV6ZEdGamF5MW5ZV3hsY21FdWIzQmxibk4wWVdOcmdpQXFMbTl3Wlc1egpkR0ZqYXkxbllXeGxjbUV1YjNCbGJuTjBZV05yTG5OMlk0SW9LaTV2Y0dWdWMzUmhZMnN0WjJGc1pYSmhMbTl3ClpXNXpkR0ZqYXk1emRtTXVZMngxYzNSbGNvSXVLaTV2Y0dWdWMzUmhZMnN0WjJGc1pYSmhMbTl3Wlc1emRHRmoKYXk1emRtTXVZMngxYzNSbGNpNXNiMk5oYkRBS0JnZ3Foa2pPUFFRREFnTklBREJGQWlBQXUvZFdKa1I2ZXlZYQpoSFZXNUR3NHF5WDhneE41Znd5NjhpNi8zTGRoTWdJaEFOV29rSzBvSlVxZ24zTFRKV0FBSVJEWVdFUmhVUWZ3ClY3QXFidE5BcmRtZgotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
-  tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRRENud2pBcU92SG9EZVkKb0d5N2NEcm13MTFwODdkWEQrWFdnVmMvM2k5UG8vNzk1UFJzM3hIZ1JZSVFHQTlGbGFtTzVzTVlBZjA2a05RWgo0Wk1lRDdERFhCM3F1MWcyNVEwakVqRjcwVlRjbzF2Q0FDUzdORit3cGRkMDNDbnRHbjRZYnZ6Y1Z3T0FrVjVsCmdvVERYMUxlUGliNWU4L3cxNTJkZGx5YVN5RmpZRlBia0FSd0wyMDlqSGZ0RkJtQjB6MXZ2b3dqV05ORkhQeFUKZUV5bi9zWkpyVlZId0FVNGZac3VQb1RKZXY0bVN6K01EekFYdm8vUmVrcHlHcG4vZVFGOWl4U1NhQTUyTUlyYwpuOXdGZk1WMkFVdFdkWTBVNSsrS01wT3V6UnFQQ3YxR255MFptVlZRZHZhdTdWM3N3MFZLWkpSeGcwc0w2R2N4CmpIc21wb3hYQWdNQkFBRUNnZ0VBZUJoYzlVNEhtTHJVTTltaTN4TkZOWXNPeE1mQXRmZTRjMktDN1lWMG1tZHYKZlVyZ1RhSmxUSWgzMXVpUjIvV2JtUFBySlpCc3E4d2RKZzlka2lwS2dITUNmd3UyUnNHWEZySXVXT0oyeEdRRgp4alFDZG9hK0dhcHN4czdwREVmUjBkQUROeEIydDhwOGZwVkl5YXF6M3pKcEtJQnZjNFlKMjlYakZNOFJ2bGpwCmRhZW1sWUdic3NRZEFNQVN2cUVzWlRqNU9mSWVsV0pvdEszUTFvcTFXNEMxelVZKzhra05sZEJQWTRYdDNCNlEKWVk1QS9ZSE9sUThMREcwQUpIMXhYZUNic0lyMG9OdDdNQ3kvUTRBVE1IL0loekRMZ3JsY0R6ck5BYVppdkl1Ywo1eDI0SDlQSVpmbThxcG1HYW1zVVpxSCtwQXhNdXMvTTVnME5YNkF1MlFLQmdRRHhUVVJMbGpNekpiZExtRUdhClBSSzByRE1MWXhWeEpqZjZudXJYUXZRRmk5TmFpZzAvNzgzNDJBU3poOHBTWVVMKzdqalpGdnRzWG9kOFF4aG4KMU11c1g4czFvRUprckxubkEyZEdETFJIdUMwWUpLUGJ5WFZXbHhFSVFNYjNheUJ1dWlkYTFLZDl6OEpzSWc0LwpGcDEwbWo2Z1lGb1E5dU5mcTcwREdscXUwd0tCZ1FET2VkclhHK0dybjM4aWFhcktlc3NwbVd2ZjFtM3VmV2swCnlYN3FNTzJpYzBHQWRFRkRJMFpJQVcxUmx3blBnTjJvMnZoc3NSa05MNy9UMmo4cjJKYnNxTTRzYnRyQUhXTi8KUi9TdmF1MW5rMmtNWUwvT0pwNkxDM3YydjlJSmhicDUzcCs0R21URDdNbFFHZkJtM2txam9Ba040eitYeVpraAoveDkwYkVDaDdRS0JnUUMzeDN0dWZqVDhqWXN1dmdXbzdUN2o4QXJvYjB5VFl1SmJ0TkZ6cFlDcEFMZTJTMUtRCkVabzBIb0ptSWRQTUxsdVNRZWwySGZUYnNwdEozdWdsbklLTEJHS0dzMG9kMXhlM2hIWVJlZmVNY0ErWVJiK3UKMDU3VWxqWFlyVTFjZjNDeUpJRjR3bUhXaG5lelY3UzJCQWxrRjEzL1U2TUZMS1E3NTFjTGwvVGRGUUtCZ0dheQptMVBFN1hFa3F1S2Q5akl4ODEwa2oxQk5ZbTV0K0djbUZiYzhVT1l0TjVaQnZMZzlFbGI4UnJoL1RJVG1UdG9PCjErT1FEcXJOWmpka1pXbFVtSFRyM1dpaVZyR1pySVNCY01YVGhIT3hFVjN6dlZNM1NFSldtdmozSGV4WWxKREwKVjF3RjNMckt5ckxKeEJZV1dMK2IrUVRzVkJRV1ZORmhDTzhxYk5kZEFvR0FGTEpiRnNHRThjVWdEWEtjcW55RQpPTHdmd3JSMmsrVngxcTc2a1laQVU4eHlmS093NFNxK1JSNmFqMDQvU0xhR0ozY2RwR244VGFCZGNYRjR2alJMCjIrQ1RBdndxVkszbTI5dzZrUDlIeG9CcGJUdnlIRGFvSnNqMDkxQUpaazh2RVl6Wm1NNms5RjJ3clN6ZGVXY2UKMnRzMk5LS0pUekdBTWpKNEZDeWxsNzA9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K # notsecret
+  tls-ca-bundle.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJjVENDQVJhZ0F3SUJBZ0lRSVhmRWFGaHhnNWRxT0YyNjlrRGlaREFLQmdncWhrak9QUVFEQWpBWU1SWXcKRkFZRFZRUURFdzF6Wld4bWMybG5ibVZrTFdOaE1CNFhEVEkxTVRFd016RTROVE15TVZvWERUSTVNRGN3TWpFNApOVE15TVZvd0dERVdNQlFHQTFVRUF4TU5jMlZzWm5OcFoyNWxaQzFqWVRCWk1CTUdCeXFHU000OUFnRUdDQ3FHClNNNDlBd0VIQTBJQUJGTzg0QlRSYTFoU0ZzZVFIUk4xVzhiRE1RMHRXUC9LQjF3emZtc2kzaWRLUDBPc3dSRFgKcXdYbzkzR1FFc2VuamhQbmpZdEl2L2xZY3A5WnI2Wm5pME9qUWpCQU1BNEdBMVVkRHdFQi93UUVBd0lDcERBUApCZ05WSFJNQkFmOEVCVEFEQVFIL01CMEdBMVVkRGdRV0JCU2ZSLy9yL1BGeUUxNytkSHIzdnk5SlNJeHFEREFLCkJnZ3Foa2pPUFFRREFnTkpBREJHQWlFQW5URjNSZzczcXpQbSs4MDZzS0dWdGdxUDVad2RiZlg0REZ1ai8vc0EKQ2VjQ0lRQ1dzd2ZvRWFwem1ydGFWL0doY0ZRcWFsN0VsYklSTjJTZjd4V1gxUGUrWXc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
+  tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURaRENDQXd1Z0F3SUJBZ0lSQU9NM3NmMXNzOUFyenk2aEZWaldOYnN3Q2dZSUtvWkl6ajBFQXdJd0dERVcKTUJRR0ExVUVBeE1OYzJWc1puTnBaMjVsWkMxallUQWVGdzB5TlRFeE1ETXhPRFV6TWpKYUZ3MHlPVEEzTURJeApPRFV6TWpKYU1ETXhGakFVQmdOVkJBb1REV05zZFhOMFpYSXViRzlqWVd3eEdUQVhCZ05WQkFNVEVHOXdaVzV6CmRHRmpheTFuWVd4bGNtRXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFDaUtvREkKYmEzUkc2bCtjOWNqa25zSVpJNWpJQjd3SXJGdlQ3dUNzdWlLYVoxU0FBUG5tUXBTVmdsdDEzdjRZYjZCZ1o1aAorR1Z2WFRNWTB5SnFheExUZWdrRWxDcDFOWUppR1duaDVqc0V2ZkM0UWNicHNWTncrMEpyeUVCaHdrUU92ZkI2ClhtWXJRcmNBSkFoMTFZaFYxN2JjWEpFMFZxN3VZSldmZi92VTBzNUFoSzBsbkJOK2x2TFRiRmEzSW5xQmgvQkUKNWRrMUkxNDc1Qmk1OVdDdEEvN0JOdXNFZitVc254VDQxNytRL1MyYkNFMnRhSzduUSs4bXhDYVd2aFJmYTQybgord3E4azd1YVAzSEVEVEpJUHZNbEc1a1dVRjVObHMxWDg5cWNwcHhPMmVNby85SlZ3Q0lYMkV1eG1UVnV3UjlBCmJXS1A1SWM2cUo1dUp3SUJBZ01CQUFHamdnRk9NSUlCU2pBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUkKS3dZQkJRVUhBd0l3REFZRFZSMFRBUUgvQkFJd0FEQWZCZ05WSFNNRUdEQVdnQlNmUi8vci9QRnlFMTcrZEhyMwp2eTlKU0l4cUREQ0IrUVlEVlIwUkJJSHhNSUh1Z2hkdmNHVnVjM1JoWTJzdWIzQmxibk4wWVdOckxuTjJZNElsCmIzQmxibk4wWVdOckxtOXdaVzV6ZEdGamF5NXpkbU11WTJ4MWMzUmxjaTVzYjJOaGJJSVNLaTV2Y0dWdWMzUmgKWTJzdFoyRnNaWEpoZ2h3cUxtOXdaVzV6ZEdGamF5MW5ZV3hsY21FdWIzQmxibk4wWVdOcmdpQXFMbTl3Wlc1egpkR0ZqYXkxbllXeGxjbUV1YjNCbGJuTjBZV05yTG5OMlk0SW9LaTV2Y0dWdWMzUmhZMnN0WjJGc1pYSmhMbTl3ClpXNXpkR0ZqYXk1emRtTXVZMngxYzNSbGNvSXVLaTV2Y0dWdWMzUmhZMnN0WjJGc1pYSmhMbTl3Wlc1emRHRmoKYXk1emRtTXVZMngxYzNSbGNpNXNiMk5oYkRBS0JnZ3Foa2pPUFFRREFnTkhBREJFQWlCeEgrU21VcTlzd3J3egp1VlhZdlp3Qlh5M0xIOWNodXVpektsSmlPbzVHaXdJZ0paYkVtQTZ3NzJEek1KTXpGVy9sWUtQVVJTR1pmbjZkCk41Wk9FdVVzWmx3PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
+  tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQ2lLb0RJYmEzUkc2bCsKYzljamtuc0laSTVqSUI3d0lyRnZUN3VDc3VpS2FaMVNBQVBubVFwU1ZnbHQxM3Y0WWI2QmdaNWgrR1Z2WFRNWQoweUpxYXhMVGVna0VsQ3AxTllKaUdXbmg1anNFdmZDNFFjYnBzVk53KzBKcnlFQmh3a1FPdmZCNlhtWXJRcmNBCkpBaDExWWhWMTdiY1hKRTBWcTd1WUpXZmYvdlUwczVBaEswbG5CTitsdkxUYkZhM0lucUJoL0JFNWRrMUkxNDcKNUJpNTlXQ3RBLzdCTnVzRWYrVXNueFQ0MTcrUS9TMmJDRTJ0YUs3blErOG14Q2FXdmhSZmE0Mm4rd3E4azd1YQpQM0hFRFRKSVB2TWxHNWtXVUY1TmxzMVg4OXFjcHB4TzJlTW8vOUpWd0NJWDJFdXhtVFZ1d1I5QWJXS1A1SWM2CnFKNXVKd0lCQWdNQkFBRUNnZ0VBRThaVkQvRWluMURkT1UzM21uU0pTNUVLTlVJOGVPZEhkY2htUXQ0b01kWUcKZzNKUnNqM2M5QVN6MVB0NjR1TkxHaVhCTjR4L3YyQnJ2bHpqWWRDNWFmcFpVU3FlM0NOd25uVWZqcGJHOUV3VAowajdnZWxkNlVsa0JWTkt3THlaRHF2eUp4T2VhcVM4b2U2YnBOVEtiRThTMThyeUMrYnZtOXdDUXlQTmxYODA4Cm5Yd0VrNmJ2U0EwUEY0eGd5V0M1SmZoYUJvUkZZR1ovUnpUaTQrRmR2M0k0c0JnOW5DQzU2NzIvbE1YMmVGenAKcFM5Q1A5TkMrT2d0MjZMbFJoNkxCNkNieDVTekdVVTRKemx3SEFQRjl3dzZOR0ZqVS81cldmdlpYT05jUTZlNwpsYTFjWU83eThRVFdmamNHTTlsWXFpQ2hseWpsZWZBSW5FWGdzMkRWUlFLQmdRRFVDRG8yU2NmQk4yQ3pCV0pZCjBaVnRZY2JCaTNaTE1kekM0cWorTExKRnQ3Z0JvOC9GUUJsN1NLVHV2VzFCc1ZFY0pMVzUrYTB3VU5iVC9xckoKakwwU3R6b0gwNU9UK3lUTll5UjBXVnRFZG9PRmxQUi8yZDJSOXZETGpLRVhJZWlQTW1Pd1FpZWFzUFlRM29qdgpQa3I3Q2hCcFpFdXFxRkUyWmVwL0JXSjg2d0tCZ1FERHl4OUt3bU9oVU16akRIMHh4RHNLSjU1cWNGTjhlczZaClNWdkEyRERPQjkzU1dkSDB6RGRTc2E5RzYrUkpFb0hzTndjWHFvczNUQnFiT0tXWkJBZTlTQnJjdFhTTE5GdmUKSnY2OGlPS0k4UFZoQWdYbVpjcE5ZMVBHNUs1bFAxcEZNRC9ZMjNEZS9LOXVZQTNHaEZjbUlnL2orK1NwN0FoNQo2NFlzQXZMUnd3S0JnQTJKV080T1Y4cG1GcTVYTWFncCtUZzZmYzN0Y1dmcmp3U0NJL2ZXTXF0d3h6YVRscmdwCkYzZGZjK2dwLzhlcDRsdkJuRGg3VUNzOWZmbWEwSng5ZDdTeUxlcEIvN0g2M3FhZUpiMm4xc1BRTFNWaUZSbjAKZHNqUzB4eXJwYjBzVlFTUFd2M3R1MG1NOHFpeERGejV4Uit4ek1wdHRNYjRaL2JwR3NkeE9KQnhBb0dCQUtPegpraTlFaGw2Ykd5Ti9EckhzZXR5THNaVVc0NGJCZXptSXIxRjJzSitpemlHUS9jMnFiVnNUdXhRV0tPRzd1cXRRCmV2cWJtaGlhNWVnQUhkenBGTHQ2clJMNkdENUhnY1FsWUhrc0RoUW5PMUpuaVoxUVlDd0NMMHF0YXU2MllIaFcKMWhzdnBwaWFOdWVYSWcxb0d5R0QrenRJSWJDODYzMWNvZXJzY0M5WEFvR0FIL1ppclJSRlJmOWNWSWdRU3lMYQowSWNBWFNCUUdQaDNZcTlsd1JQSFlnRVl5dW9VeDJYSXg1amNRNlEyTFpoSitmT1VmOC9FYVMzVnNPYml1QXJ6CnpFTW5ZRVliRWY4ZW9wVzVKY3ppT0I3bW50ZjBkN3c4N1pkdlBPTHJySGU5Q1V0citEYjhwT0RIREJaM0lva1IKQncwVlM5bXUreEVxbUIwVmxUeW9raDg9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K # notsecret
diff --git a/tests/kuttl/tests/galera_deploy_tls/01-tls-certificate.yaml b/tests/kuttl/tests/galera_deploy_tls/01-tls-certificate.yaml
index ff86a204..cbb9218d 100644
--- a/tests/kuttl/tests/galera_deploy_tls/01-tls-certificate.yaml
+++ b/tests/kuttl/tests/galera_deploy_tls/01-tls-certificate.yaml
@@ -1,45 +1,16 @@
 # hardcode the secret generated by the certificate CR below,
 # to avoid kuttl from depending on cert-manager at runtime
 # the ca.crt key has been renamed to tls-ca-bundle.pem
-# ---
-# apiVersion: cert-manager.io/v1
-# kind: Certificate
-# metadata:
-#   name: kuttl-galera-cert
-# spec:
-#   secretName: kuttl-galera-tls
-#   duration: 12720h
-#   renewBefore: 1h
-#   subject:
-#     organizations:
-#       - cluster.local
-#   commonName: openstack-galera
-#   isCA: false
-#   privateKey:
-#     algorithm: RSA
-#     encoding: PKCS8
-#     size: 2048
-#   usages:
-#     - server auth
-#     - client auth
-#   dnsNames:
-#     - "openstack.openstack.svc"
-#     - "openstack.openstack.svc.cluster.local"
-#     - "*.openstack-galera"
-#     - "*.openstack-galera.openstack"
-#     - "*.openstack-galera.openstack.svc"
-#     - "*.openstack-galera.openstack.svc.cluster"
-#     - "*.openstack-galera.openstack.svc.cluster.local"
-#   issuerRef:
-#     name: kuttl-ca-issuer
-#     group: cert-manager.io
-#     kind: Issuer
+#
+# To regenerate certificates when they expire:
+# Run tests/chainsaw/common/regenerate-tls-certs.sh and copy the
+# generated secret data below. Rename secret name to kuttl-galera-tls.
 # ---
 apiVersion: v1
 kind: Secret
 metadata:
   name: kuttl-galera-tls
 data:
-  tls-ca-bundle.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJjRENDQVJhZ0F3SUJBZ0lRWm5GbEtqTU9SV1FhZ1VWcjVBV1BvVEFLQmdncWhrak9QUVFEQWpBWU1SWXcKRkFZRFZRUURFdzF6Wld4bWMybG5ibVZrTFdOaE1CNFhEVEkxTURjeU1URXpNRGN5TlZvWERUSTFNVEF4T1RFegpNRGN5TlZvd0dERVdNQlFHQTFVRUF4TU5jMlZzWm5OcFoyNWxaQzFqWVRCWk1CTUdCeXFHU000OUFnRUdDQ3FHClNNNDlBd0VIQTBJQUJBb0VNbG9ybmxkUENiSk51cjBLQW5HcERaU3VWWlhEdWpPNW15ckROS203bFh2RmJ3a2gKc0FXQjFpVDRqZ0o5UXgvVTcxYUxVN1A1bmZWQmVxcXAzazJqUWpCQU1BNEdBMVVkRHdFQi93UUVBd0lDcERBUApCZ05WSFJNQkFmOEVCVEFEQVFIL01CMEdBMVVkRGdRV0JCUmFWWkhMcHM4Rjluc3lXMVZTTWNPNERCaC80akFLCkJnZ3Foa2pPUFFRREFnTklBREJGQWlFQXZRMzdqbS9PSHROUjNlMU9NcUhNZUZ0Zzc3UE1SMm52ZG5pZnpubkgKYThRQ0lDZ3FIMWU1UkZWenBQME14WU1RZ0VkMzQyRGMvZ1p4STdQTzRwb2pFdTFvCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
-  tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURaVENDQXd1Z0F3SUJBZ0lSQU9EL21FQVo3VmNIMENabnBXV01nNm93Q2dZSUtvWkl6ajBFQXdJd0dERVcKTUJRR0ExVUVBeE1OYzJWc1puTnBaMjVsWkMxallUQWVGdzB5TlRBM01qRXhNek0wTkRsYUZ3MHlPVEF6TVRreApNek0wTkRsYU1ETXhGakFVQmdOVkJBb1REV05zZFhOMFpYSXViRzlqWVd3eEdUQVhCZ05WQkFNVEVHOXdaVzV6CmRHRmpheTFuWVd4bGNtRXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEQ253akEKcU92SG9EZVlvR3k3Y0RybXcxMXA4N2RYRCtYV2dWYy8zaTlQby83OTVQUnMzeEhnUllJUUdBOUZsYW1PNXNNWQpBZjA2a05RWjRaTWVEN0REWEIzcXUxZzI1UTBqRWpGNzBWVGNvMXZDQUNTN05GK3dwZGQwM0NudEduNFlidnpjClZ3T0FrVjVsZ29URFgxTGVQaWI1ZTgvdzE1MmRkbHlhU3lGallGUGJrQVJ3TDIwOWpIZnRGQm1CMHoxdnZvd2oKV05ORkhQeFVlRXluL3NaSnJWVkh3QVU0ZlpzdVBvVEpldjRtU3orTUR6QVh2by9SZWtweUdwbi9lUUY5aXhTUwphQTUyTUlyY245d0ZmTVYyQVV0V2RZMFU1KytLTXBPdXpScVBDdjFHbnkwWm1WVlFkdmF1N1Yzc3cwVktaSlJ4Cmcwc0w2R2N4akhzbXBveFhBZ01CQUFHamdnRk9NSUlCU2pBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUkKS3dZQkJRVUhBd0l3REFZRFZSMFRBUUgvQkFJd0FEQWZCZ05WSFNNRUdEQVdnQlJhVlpITHBzOEY5bnN5VzFWUwpNY080REJoLzRqQ0IrUVlEVlIwUkJJSHhNSUh1Z2hkdmNHVnVjM1JoWTJzdWIzQmxibk4wWVdOckxuTjJZNElsCmIzQmxibk4wWVdOckxtOXdaVzV6ZEdGamF5NXpkbU11WTJ4MWMzUmxjaTVzYjJOaGJJSVNLaTV2Y0dWdWMzUmgKWTJzdFoyRnNaWEpoZ2h3cUxtOXdaVzV6ZEdGamF5MW5ZV3hsY21FdWIzQmxibk4wWVdOcmdpQXFMbTl3Wlc1egpkR0ZqYXkxbllXeGxjbUV1YjNCbGJuTjBZV05yTG5OMlk0SW9LaTV2Y0dWdWMzUmhZMnN0WjJGc1pYSmhMbTl3ClpXNXpkR0ZqYXk1emRtTXVZMngxYzNSbGNvSXVLaTV2Y0dWdWMzUmhZMnN0WjJGc1pYSmhMbTl3Wlc1emRHRmoKYXk1emRtTXVZMngxYzNSbGNpNXNiMk5oYkRBS0JnZ3Foa2pPUFFRREFnTklBREJGQWlBQXUvZFdKa1I2ZXlZYQpoSFZXNUR3NHF5WDhneE41Znd5NjhpNi8zTGRoTWdJaEFOV29rSzBvSlVxZ24zTFRKV0FBSVJEWVdFUmhVUWZ3ClY3QXFidE5BcmRtZgotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
-  tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRRENud2pBcU92SG9EZVkKb0d5N2NEcm13MTFwODdkWEQrWFdnVmMvM2k5UG8vNzk1UFJzM3hIZ1JZSVFHQTlGbGFtTzVzTVlBZjA2a05RWgo0Wk1lRDdERFhCM3F1MWcyNVEwakVqRjcwVlRjbzF2Q0FDUzdORit3cGRkMDNDbnRHbjRZYnZ6Y1Z3T0FrVjVsCmdvVERYMUxlUGliNWU4L3cxNTJkZGx5YVN5RmpZRlBia0FSd0wyMDlqSGZ0RkJtQjB6MXZ2b3dqV05ORkhQeFUKZUV5bi9zWkpyVlZId0FVNGZac3VQb1RKZXY0bVN6K01EekFYdm8vUmVrcHlHcG4vZVFGOWl4U1NhQTUyTUlyYwpuOXdGZk1WMkFVdFdkWTBVNSsrS01wT3V6UnFQQ3YxR255MFptVlZRZHZhdTdWM3N3MFZLWkpSeGcwc0w2R2N4CmpIc21wb3hYQWdNQkFBRUNnZ0VBZUJoYzlVNEhtTHJVTTltaTN4TkZOWXNPeE1mQXRmZTRjMktDN1lWMG1tZHYKZlVyZ1RhSmxUSWgzMXVpUjIvV2JtUFBySlpCc3E4d2RKZzlka2lwS2dITUNmd3UyUnNHWEZySXVXT0oyeEdRRgp4alFDZG9hK0dhcHN4czdwREVmUjBkQUROeEIydDhwOGZwVkl5YXF6M3pKcEtJQnZjNFlKMjlYakZNOFJ2bGpwCmRhZW1sWUdic3NRZEFNQVN2cUVzWlRqNU9mSWVsV0pvdEszUTFvcTFXNEMxelVZKzhra05sZEJQWTRYdDNCNlEKWVk1QS9ZSE9sUThMREcwQUpIMXhYZUNic0lyMG9OdDdNQ3kvUTRBVE1IL0loekRMZ3JsY0R6ck5BYVppdkl1Ywo1eDI0SDlQSVpmbThxcG1HYW1zVVpxSCtwQXhNdXMvTTVnME5YNkF1MlFLQmdRRHhUVVJMbGpNekpiZExtRUdhClBSSzByRE1MWXhWeEpqZjZudXJYUXZRRmk5TmFpZzAvNzgzNDJBU3poOHBTWVVMKzdqalpGdnRzWG9kOFF4aG4KMU11c1g4czFvRUprckxubkEyZEdETFJIdUMwWUpLUGJ5WFZXbHhFSVFNYjNheUJ1dWlkYTFLZDl6OEpzSWc0LwpGcDEwbWo2Z1lGb1E5dU5mcTcwREdscXUwd0tCZ1FET2VkclhHK0dybjM4aWFhcktlc3NwbVd2ZjFtM3VmV2swCnlYN3FNTzJpYzBHQWRFRkRJMFpJQVcxUmx3blBnTjJvMnZoc3NSa05MNy9UMmo4cjJKYnNxTTRzYnRyQUhXTi8KUi9TdmF1MW5rMmtNWUwvT0pwNkxDM3YydjlJSmhicDUzcCs0R21URDdNbFFHZkJtM2txam9Ba040eitYeVpraAoveDkwYkVDaDdRS0JnUUMzeDN0dWZqVDhqWXN1dmdXbzdUN2o4QXJvYjB5VFl1SmJ0TkZ6cFlDcEFMZTJTMUtRCkVabzBIb0ptSWRQTUxsdVNRZWwySGZUYnNwdEozdWdsbklLTEJHS0dzMG9kMXhlM2hIWVJlZmVNY0ErWVJiK3UKMDU3VWxqWFlyVTFjZjNDeUpJRjR3bUhXaG5lelY3UzJCQWxrRjEzL1U2TUZMS1E3NTFjTGwvVGRGUUtCZ0dheQptMVBFN1hFa3F1S2Q5akl4ODEwa2oxQk5ZbTV0K0djbUZiYzhVT1l0TjVaQnZMZzlFbGI4UnJoL1RJVG1UdG9PCjErT1FEcXJOWmpka1pXbFVtSFRyM1dpaVZyR1pySVNCY01YVGhIT3hFVjN6dlZNM1NFSldtdmozSGV4WWxKREwKVjF3RjNMckt5ckxKeEJZV1dMK2IrUVRzVkJRV1ZORmhDTzhxYk5kZEFvR0FGTEpiRnNHRThjVWdEWEtjcW55RQpPTHdmd3JSMmsrVngxcTc2a1laQVU4eHlmS093NFNxK1JSNmFqMDQvU0xhR0ozY2RwR244VGFCZGNYRjR2alJMCjIrQ1RBdndxVkszbTI5dzZrUDlIeG9CcGJUdnlIRGFvSnNqMDkxQUpaazh2RVl6Wm1NNms5RjJ3clN6ZGVXY2UKMnRzMk5LS0pUekdBTWpKNEZDeWxsNzA9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K # notsecret
+  tls-ca-bundle.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJjVENDQVJhZ0F3SUJBZ0lRSVhmRWFGaHhnNWRxT0YyNjlrRGlaREFLQmdncWhrak9QUVFEQWpBWU1SWXcKRkFZRFZRUURFdzF6Wld4bWMybG5ibVZrTFdOaE1CNFhEVEkxTVRFd016RTROVE15TVZvWERUSTVNRGN3TWpFNApOVE15TVZvd0dERVdNQlFHQTFVRUF4TU5jMlZzWm5OcFoyNWxaQzFqWVRCWk1CTUdCeXFHU000OUFnRUdDQ3FHClNNNDlBd0VIQTBJQUJGTzg0QlRSYTFoU0ZzZVFIUk4xVzhiRE1RMHRXUC9LQjF3emZtc2kzaWRLUDBPc3dSRFgKcXdYbzkzR1FFc2VuamhQbmpZdEl2L2xZY3A5WnI2Wm5pME9qUWpCQU1BNEdBMVVkRHdFQi93UUVBd0lDcERBUApCZ05WSFJNQkFmOEVCVEFEQVFIL01CMEdBMVVkRGdRV0JCU2ZSLy9yL1BGeUUxNytkSHIzdnk5SlNJeHFEREFLCkJnZ3Foa2pPUFFRREFnTkpBREJHQWlFQW5URjNSZzczcXpQbSs4MDZzS0dWdGdxUDVad2RiZlg0REZ1ai8vc0EKQ2VjQ0lRQ1dzd2ZvRWFwem1ydGFWL0doY0ZRcWFsN0VsYklSTjJTZjd4V1gxUGUrWXc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
+  tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURaRENDQXd1Z0F3SUJBZ0lSQU9NM3NmMXNzOUFyenk2aEZWaldOYnN3Q2dZSUtvWkl6ajBFQXdJd0dERVcKTUJRR0ExVUVBeE1OYzJWc1puTnBaMjVsWkMxallUQWVGdzB5TlRFeE1ETXhPRFV6TWpKYUZ3MHlPVEEzTURJeApPRFV6TWpKYU1ETXhGakFVQmdOVkJBb1REV05zZFhOMFpYSXViRzlqWVd3eEdUQVhCZ05WQkFNVEVHOXdaVzV6CmRHRmpheTFuWVd4bGNtRXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFDaUtvREkKYmEzUkc2bCtjOWNqa25zSVpJNWpJQjd3SXJGdlQ3dUNzdWlLYVoxU0FBUG5tUXBTVmdsdDEzdjRZYjZCZ1o1aAorR1Z2WFRNWTB5SnFheExUZWdrRWxDcDFOWUppR1duaDVqc0V2ZkM0UWNicHNWTncrMEpyeUVCaHdrUU92ZkI2ClhtWXJRcmNBSkFoMTFZaFYxN2JjWEpFMFZxN3VZSldmZi92VTBzNUFoSzBsbkJOK2x2TFRiRmEzSW5xQmgvQkUKNWRrMUkxNDc1Qmk1OVdDdEEvN0JOdXNFZitVc254VDQxNytRL1MyYkNFMnRhSzduUSs4bXhDYVd2aFJmYTQybgord3E4azd1YVAzSEVEVEpJUHZNbEc1a1dVRjVObHMxWDg5cWNwcHhPMmVNby85SlZ3Q0lYMkV1eG1UVnV3UjlBCmJXS1A1SWM2cUo1dUp3SUJBZ01CQUFHamdnRk9NSUlCU2pBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUkKS3dZQkJRVUhBd0l3REFZRFZSMFRBUUgvQkFJd0FEQWZCZ05WSFNNRUdEQVdnQlNmUi8vci9QRnlFMTcrZEhyMwp2eTlKU0l4cUREQ0IrUVlEVlIwUkJJSHhNSUh1Z2hkdmNHVnVjM1JoWTJzdWIzQmxibk4wWVdOckxuTjJZNElsCmIzQmxibk4wWVdOckxtOXdaVzV6ZEdGamF5NXpkbU11WTJ4MWMzUmxjaTVzYjJOaGJJSVNLaTV2Y0dWdWMzUmgKWTJzdFoyRnNaWEpoZ2h3cUxtOXdaVzV6ZEdGamF5MW5ZV3hsY21FdWIzQmxibk4wWVdOcmdpQXFMbTl3Wlc1egpkR0ZqYXkxbllXeGxjbUV1YjNCbGJuTjBZV05yTG5OMlk0SW9LaTV2Y0dWdWMzUmhZMnN0WjJGc1pYSmhMbTl3ClpXNXpkR0ZqYXk1emRtTXVZMngxYzNSbGNvSXVLaTV2Y0dWdWMzUmhZMnN0WjJGc1pYSmhMbTl3Wlc1emRHRmoKYXk1emRtTXVZMngxYzNSbGNpNXNiMk5oYkRBS0JnZ3Foa2pPUFFRREFnTkhBREJFQWlCeEgrU21VcTlzd3J3egp1VlhZdlp3Qlh5M0xIOWNodXVpektsSmlPbzVHaXdJZ0paYkVtQTZ3NzJEek1KTXpGVy9sWUtQVVJTR1pmbjZkCk41Wk9FdVVzWmx3PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
+  tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQ2lLb0RJYmEzUkc2bCsKYzljamtuc0laSTVqSUI3d0lyRnZUN3VDc3VpS2FaMVNBQVBubVFwU1ZnbHQxM3Y0WWI2QmdaNWgrR1Z2WFRNWQoweUpxYXhMVGVna0VsQ3AxTllKaUdXbmg1anNFdmZDNFFjYnBzVk53KzBKcnlFQmh3a1FPdmZCNlhtWXJRcmNBCkpBaDExWWhWMTdiY1hKRTBWcTd1WUpXZmYvdlUwczVBaEswbG5CTitsdkxUYkZhM0lucUJoL0JFNWRrMUkxNDcKNUJpNTlXQ3RBLzdCTnVzRWYrVXNueFQ0MTcrUS9TMmJDRTJ0YUs3blErOG14Q2FXdmhSZmE0Mm4rd3E4azd1YQpQM0hFRFRKSVB2TWxHNWtXVUY1TmxzMVg4OXFjcHB4TzJlTW8vOUpWd0NJWDJFdXhtVFZ1d1I5QWJXS1A1SWM2CnFKNXVKd0lCQWdNQkFBRUNnZ0VBRThaVkQvRWluMURkT1UzM21uU0pTNUVLTlVJOGVPZEhkY2htUXQ0b01kWUcKZzNKUnNqM2M5QVN6MVB0NjR1TkxHaVhCTjR4L3YyQnJ2bHpqWWRDNWFmcFpVU3FlM0NOd25uVWZqcGJHOUV3VAowajdnZWxkNlVsa0JWTkt3THlaRHF2eUp4T2VhcVM4b2U2YnBOVEtiRThTMThyeUMrYnZtOXdDUXlQTmxYODA4Cm5Yd0VrNmJ2U0EwUEY0eGd5V0M1SmZoYUJvUkZZR1ovUnpUaTQrRmR2M0k0c0JnOW5DQzU2NzIvbE1YMmVGenAKcFM5Q1A5TkMrT2d0MjZMbFJoNkxCNkNieDVTekdVVTRKemx3SEFQRjl3dzZOR0ZqVS81cldmdlpYT05jUTZlNwpsYTFjWU83eThRVFdmamNHTTlsWXFpQ2hseWpsZWZBSW5FWGdzMkRWUlFLQmdRRFVDRG8yU2NmQk4yQ3pCV0pZCjBaVnRZY2JCaTNaTE1kekM0cWorTExKRnQ3Z0JvOC9GUUJsN1NLVHV2VzFCc1ZFY0pMVzUrYTB3VU5iVC9xckoKakwwU3R6b0gwNU9UK3lUTll5UjBXVnRFZG9PRmxQUi8yZDJSOXZETGpLRVhJZWlQTW1Pd1FpZWFzUFlRM29qdgpQa3I3Q2hCcFpFdXFxRkUyWmVwL0JXSjg2d0tCZ1FERHl4OUt3bU9oVU16akRIMHh4RHNLSjU1cWNGTjhlczZaClNWdkEyRERPQjkzU1dkSDB6RGRTc2E5RzYrUkpFb0hzTndjWHFvczNUQnFiT0tXWkJBZTlTQnJjdFhTTE5GdmUKSnY2OGlPS0k4UFZoQWdYbVpjcE5ZMVBHNUs1bFAxcEZNRC9ZMjNEZS9LOXVZQTNHaEZjbUlnL2orK1NwN0FoNQo2NFlzQXZMUnd3S0JnQTJKV080T1Y4cG1GcTVYTWFncCtUZzZmYzN0Y1dmcmp3U0NJL2ZXTXF0d3h6YVRscmdwCkYzZGZjK2dwLzhlcDRsdkJuRGg3VUNzOWZmbWEwSng5ZDdTeUxlcEIvN0g2M3FhZUpiMm4xc1BRTFNWaUZSbjAKZHNqUzB4eXJwYjBzVlFTUFd2M3R1MG1NOHFpeERGejV4Uit4ek1wdHRNYjRaL2JwR3NkeE9KQnhBb0dCQUtPegpraTlFaGw2Ykd5Ti9EckhzZXR5THNaVVc0NGJCZXptSXIxRjJzSitpemlHUS9jMnFiVnNUdXhRV0tPRzd1cXRRCmV2cWJtaGlhNWVnQUhkenBGTHQ2clJMNkdENUhnY1FsWUhrc0RoUW5PMUpuaVoxUVlDd0NMMHF0YXU2MllIaFcKMWhzdnBwaWFOdWVYSWcxb0d5R0QrenRJSWJDODYzMWNvZXJzY0M5WEFvR0FIL1ppclJSRlJmOWNWSWdRU3lMYQowSWNBWFNCUUdQaDNZcTlsd1JQSFlnRVl5dW9VeDJYSXg1amNRNlEyTFpoSitmT1VmOC9FYVMzVnNPYml1QXJ6CnpFTW5ZRVliRWY4ZW9wVzVKY3ppT0I3bW50ZjBkN3c4N1pkdlBPTHJySGU5Q1V0citEYjhwT0RIREJaM0lva1IKQncwVlM5bXUreEVxbUIwVmxUeW9raDg9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K # notsecret