diff --git a/_drafts/rotating_k3s_certs.md b/_drafts/rotating_k3s_certs.md
new file mode 100644
index 0000000..ab4fd9c
--- /dev/null
+++ b/_drafts/rotating_k3s_certs.md
@@ -0,0 +1,41 @@
+---
+title: "Draft"
+author: "James Pace"
+date: "2024/01/01"
+---
+
+Problem: k3s client certs, including the admin cert expire after 1 year.
+
+To see cert:
+```
+cat ~/.kube/config | grep client-certificate-data | cut -f2 -d : | tr -d ' ' | base64 -d | openssl x509 -text -out -
+```
+
+```
+ssh jimmy@192.168.1.103
+sudo systemctl stop k3s
+sudo k3s certificate rotate
+sudo systemctl start k3s
+
+
+```
+
+```
+sudo cp /etc/rancher/k3s/k3s.yaml ~/j7s-cluster.yaml
+sudo chown jimmy:jimmy ~/j7s-cluster.yaml
+exit
+
+```
+
+```
+rm  ~/.kube/j7s-cluster.yaml
+scp jimmy@192.168.1.103:~/j7s-cluster.yaml /home/jimmy/.kube/.
+# Use text editor to fix IP in file.
+
+```
+
+```
+export KUBECONFIG=~/.kube/j7s-cluster.yaml
+kubectl get nodes
+```
+