Skip to main content


If a bad TLS certificate is uploaded to the admin console or the kotsadm-tls secret is missing, the kots reset-tls command reapplies a default self-signed TLS certificate. For more information about the certificates stored in this secret, see Setting up TLS Certificates in the open source kURL documentation.


kubectl kots reset-tls [namespace] [flags]
  • Replace [namespace] with the namespace where the admin console and your KOTS application resides (required).
  • Provide [flags] according to the table below

This command supports all global flags and also:

-h, --helpHelp for reset-tls.
-n, --namespacestringThe namespace where the admin console is running.
--accept-anonymous-uploadsboolAllow uploading a new certificate prior to authenticating.


kubectl kots reset-tls sentry-namespace