Self-Managed Flex Gateway Fails to Start Due to Expired TLS Certificate

Date de publication: Apr 30, 2026

Description

In a self-managed Flex Gateway environment, the gateway fails to start successfully. The pod remains in a Running state but does not become ready (0/1 Ready). Logs indicate a TLS failure during runtime initialization due to an expired certificate, preventing the agent from establishing a connection to the Anypoint control plane.

Error:

[flex-gateway-agent][error] Anypoint websocket: error connecting to server: remote error: tls: expired certificate

Résolution

1. Enable DEBUG logging to identify the source of the TLS error. Check logs for specific endpoints causing the failure.

2. Test connectivity from the Flex Gateway pod to the control-plan to confirm the issue.

$ flexctl check connections
Error: failed connecting to https://arm-mcm2-service.kprod-eu.msap.io: remote error: tls: expired certificate
$ flexctl registration inspect
{“expiration_date”: “2025-09-25 19:27:32 +0000 UTC”}

3. Renew the registartion file by following the official documentation.

Numéro d’article de la base de connaissances

005321521

Cet article a-t-il résolu votre problème ?

Dites-nous ce que nous pouvons améliorer !

Self-Managed Flex Gateway Fails to Start Due to Expired TLS Certificate

General Information

Required Cookies

Functional Cookies

Advertising Cookies

General Information

Required Cookies

Functional Cookies

Advertising Cookies

Cookie List