renew: don't use Renew, just create a new cert

cmd/dkl-local-server/secrets.go

@@ -226,19 +226,7 @@ func (sd *SecretData) RenewCACert(cluster, name string) (err error) {
 		return
 	}
 
-	var newCert []byte
+	newCert, _, err := initca.NewFromSigner(newCACertReq(), signer)
-
-	cert, err := helpers.ParseCertificatePEM(ca.Cert)
-	if err == nil {
-		newCert, err = initca.RenewFromSigner(cert, signer)
-	}
-
-	if err != nil {
-		// failed to load or renew, create a new cert from the existing key
-		req := newCACertReq()
-		newCert, _, err = initca.NewFromSigner(req, signer)
-	}
-
 	if err != nil {
 		return
 	}