Manually delete the associated certificate (the deleted certificate will be automatically recreated by the cluster operator). # entity- operator oc get secret $CLUSTER_NAME-entity- operator -certs -o yaml > $CLUSTER_NAME-entity- operator -certs.yaml oc delete secret $CLUSTER_NAME-entity- operator -certs oc delete $(oc get pods -o name | grep my-cluster-entity- operator ) # kafka oc get secret $CLUSTER_NAME-kafka-brokers -o yaml > $CLUSTER_NAME-kafka-brokers.yaml oc delete secret $CLUSTER_NAME-kafka-brokers oc delete pods -l strimzi.io/name=$CLUSTER_NAME-kafka # zookeeper oc get secret $CLUSTER_NAME-zookeeper-nodes -o yaml > $CLUSTER_NAME-zookeeper-nodes.yaml oc delete secret $CLUSTER_NAME-zookeeper-nodes oc delete pods -l strimzi.io/name=$CLUSTER_NAME-zookeeper # kafka exporter oc get secret $CLUSTER_NAME-kafka-exporter-certs -o yaml > $CLUSTER_NAME-kafka-exporter-certs.yaml oc delete secret $CLUSTER_NAME-kafka-exporter-certs oc delete pods -l strimzi.io/name=$CLUSTER_NAME-kafka-exporter

start a Kafka cluster with Kafka Exporter oc annotate secret my-cluster-cluster-ca strimzi.io/force-replace=true => the only following secrets will be renewed: my-cluster-cluster-ca my-cluster-cluster-ca-cert my-cluster-cluster-ca my-cluster-cluster- operator -certs => After that Zookeeper, Kafka, Entity Operator, Kafka Exporter Pods will be restart, however, their certificates will not be renewed, and Kafka brokers cannot communicate with each other with "Failed authentication (SSL handshake failed)".