diff --git a/roles/kubernetes/control-plane/templates/k8s-certs-renew.sh.j2 b/roles/kubernetes/control-plane/templates/k8s-certs-renew.sh.j2 index 89697635b8c3ca5b4c1efb37747b6d3ff49683f1..b3dae43cc26e781f82c82027ad81b68c9c77df65 100644 --- a/roles/kubernetes/control-plane/templates/k8s-certs-renew.sh.j2 +++ b/roles/kubernetes/control-plane/templates/k8s-certs-renew.sh.j2 @@ -8,7 +8,7 @@ echo "## Renewing certificates managed by kubeadm ##" echo "## Restarting control plane pods managed by kubeadm ##" {% if container_manager == "docker" %} -{{ docker_bin_dir }}/docker ps -af 'name=k8s_POD_(kube-apiserver|kube-controller-manager|kube-scheduler|etcd)-*' -q | /usr/bin/xargs {{ docker_bin_dir }}/docker rm -f" +{{ docker_bin_dir }}/docker ps -af 'name=k8s_POD_(kube-apiserver|kube-controller-manager|kube-scheduler|etcd)-*' -q | /usr/bin/xargs {{ docker_bin_dir }}/docker rm -f {% else %} {{ bin_dir }}/crictl pods --namespace kube-system --name 'kube-scheduler-*|kube-controller-manager-*|kube-apiserver-*|etcd-*' -q | /usr/bin/xargs {{ bin_dir }}/crictl rmp -f {% endif %} diff --git a/roles/kubernetes/control-plane/templates/k8s-certs-renew.timer.j2 b/roles/kubernetes/control-plane/templates/k8s-certs-renew.timer.j2 index 825d983c63d4716ceec451f1878566a292a4ce46..e58e92ff877227df04d093e1296b4cc2054ecf00 100644 --- a/roles/kubernetes/control-plane/templates/k8s-certs-renew.timer.j2 +++ b/roles/kubernetes/control-plane/templates/k8s-certs-renew.timer.j2 @@ -3,7 +3,7 @@ Description=Timer to renew K8S control plane certificates [Timer] # First Monday of each month -OnCalendar=Mon *-*-1..7 03:{{ groups['kube_control_plane'].index(inventory_hostname) }}0:00 +OnCalendar=Mon *-*-1,2,3,4,5,6,7 03:{{ groups['kube_control_plane'].index(inventory_hostname) }}0:00 [Install] WantedBy=multi-user.target 
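Review bot: The docker pipeline on the changed line pipes into `/usr/bin/xargs` without `-r`, and so does the crictl pipeline in the `{% else %}` context line. When no control-plane pod matches, GNU xargs still runs `docker rm -f` (or `crictl rmp -f`) once with no arguments, and that call fails. For a script that runs unattended, a failure that only means "nothing to restart" is hard to tell apart from a real renewal or restart problem. I would write `... -q | /usr/bin/xargs -r {{ docker_bin_dir }}/docker rm -f` and likewise `/usr/bin/xargs -r {{ bin_dir }}/crictl rmp -f`. The rest of the script, including any `set -e` or `pipefail`, is outside the hunk, so the effect on the exit status should be checked there.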
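Review bot: The minute field on the new `OnCalendar=` line is still rendered as the host's index in `kube_control_plane` followed by `0`, so a host at index 6 or higher gets a minute of 60 or more, which is not a valid time. systemd would presumably refuse that timer, and the node's control-plane certificates would then go unrenewed until they expire. Keeping the value in range would avoid this, e.g. `03:{{ '%02d' | format((groups['kube_control_plane'].index(inventory_hostname) * 10) % 60) }}:00`, at the cost of two hosts sharing a slot in large control planes. A one-line comment above the entry saying why the days are listed as `1,2,3,4,5,6,7` rather than `1..7` would also keep a later cleanup from reverting it.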
diff --git a/tests/files/packet_centos7-calico-ha-once-localhost.yml b/tests/files/packet_centos7-calico-ha-once-localhost.yml index 6a44c6d0133cd299a68d949e0f7cf90744c7dfa5..dc08a314bdd27e5319aa4e6e3555f347a141c5f2 100644 --- a/tests/files/packet_centos7-calico-ha-once-localhost.yml +++ b/tests/files/packet_centos7-calico-ha-once-localhost.yml @@ -13,3 +13,5 @@ typha_enabled: true calico_backend: kdd typha_secure: true disable_ipv6_dns: true + +auto_renew_certificates: true diff --git a/tests/files/packet_centos7-calico-ha.yml b/tests/files/packet_centos7-calico-ha.yml index 526f128994c6a03efc41b481a6a7005a8e94227a..7e9ba134638b50ad1f1a84ec885beaaacd57c3b6 100644 --- a/tests/files/packet_centos7-calico-ha.yml +++ b/tests/files/packet_centos7-calico-ha.yml @@ -12,3 +12,5 @@ dns_min_replicas: 1 typha_enabled: true calico_backend: kdd typha_secure: true + +auto_renew_certificates: true diff --git a/tests/files/packet_centos8-crio.yml b/tests/files/packet_centos8-crio.yml index 5baaaf83230d98fea6519d31f7e6fc5f6245a4b9..dda9223435d642aa8da6f166089f29da68dafde0 100644 --- a/tests/files/packet_centos8-crio.yml +++ b/tests/files/packet_centos8-crio.yml @@ -13,3 +13,5 @@ etcd_deployment_type: host # required calico_iptables_backend: "Auto" + +auto_renew_certificates: true diff --git a/tests/files/packet_debian10-containerd.yml b/tests/files/packet_debian10-containerd.yml index e4367e619639057f34f98973752e7b41270f9873..a6725bcb6405814ac4beab6ffc7ad14f18baff7a 100644 --- a/tests/files/packet_debian10-containerd.yml +++ b/tests/files/packet_debian10-containerd.yml @@ -14,3 +14,5 @@ helm_enabled: true # https://gitlab.com/miouge/kubespray-ci/-/blob/a4fd5ed6857807f1c353cb60848aedebaf7d2c94/manifests/http-proxy.yml#L42 http_proxy: http://172.30.30.30:8888 https_proxy: http://172.30.30.30:8888 + +auto_renew_certificates: true 
diff --git a/tests/files/packet_debian9-macvlan.yml b/tests/files/packet_debian9-macvlan.yml index 01e4fc3fcf60b792a922458e57a5dda586427d08..7a80202f650bc1dd5596756a67f3f6ae407fa9d8 100644 --- a/tests/files/packet_debian9-macvlan.yml +++ b/tests/files/packet_debian9-macvlan.yml @@ -10,3 +10,5 @@ enable_nodelocaldns: false dns_min_replicas: 1 kube_proxy_masquerade_all: true macvlan_interface: "eth0" + +auto_renew_certificates: true diff --git a/tests/files/packet_fedora33-calico.yml b/tests/files/packet_fedora33-calico.yml index 51b843d0c95c1d70e6b29a36d064157ce8bcb403..0721734ded758e832b3ad79b955315f481f11823 100644 --- a/tests/files/packet_fedora33-calico.yml +++ b/tests/files/packet_fedora33-calico.yml @@ -10,3 +10,5 @@ kube_network_plugin: calico # Only docker package 20.10 for Fedora33 docker_version: '20.10' + +auto_renew_certificates: true diff --git a/tests/files/packet_opensuse-canal.yml b/tests/files/packet_opensuse-canal.yml index a82a07cd462aae1a86c3e65e40b79326af1a325c..aec66b88b83a0a53fe493ac20aa0c67be91bc6f7 100644 --- a/tests/files/packet_opensuse-canal.yml +++ b/tests/files/packet_opensuse-canal.yml @@ -11,3 +11,5 @@ dns_min_replicas: 1 # test Ambassador ingress_ambassador_enabled: true + +auto_renew_certificates: true diff --git a/tests/files/packet_oracle7-canal-ha.yml b/tests/files/packet_oracle7-canal-ha.yml index 01ca011a5bd328635c9863c22cdb3a6126fb632d..993bcf3dd6ba4edd162a9a8d348ac3914b7f5f03 100644 --- a/tests/files/packet_oracle7-canal-ha.yml +++ b/tests/files/packet_oracle7-canal-ha.yml @@ -9,3 +9,5 @@ kube_network_plugin: canal dynamic_kubelet_configuration: true deploy_netchecker: true dns_min_replicas: 1 + +auto_renew_certificates: true diff --git a/tests/files/packet_ubuntu16-weave-sep.yml b/tests/files/packet_ubuntu16-weave-sep.yml index db23cd6471195acfbb5de4300fb4d9d7a7d93975..72073d0881060ee20550c2410789d313c2830407 100644 --- a/tests/files/packet_ubuntu16-weave-sep.yml +++ b/tests/files/packet_ubuntu16-weave-sep.yml 
@@ -7,3 +7,5 @@ mode: separate
 kube_network_plugin: weave
 deploy_netchecker: true
 dns_min_replicas: 1
+
+auto_renew_certificates: true
diff --git a/tests/files/packet_ubuntu18-cilium-sep.yml b/tests/files/packet_ubuntu18-cilium-sep.yml
index df6caaea905a6b8e82570408ce230aeb263f012f..394df8c6175a01c40cf22d811980551451d5088e 100644
--- a/tests/files/packet_ubuntu18-cilium-sep.yml
+++ b/tests/files/packet_ubuntu18-cilium-sep.yml
@@ -8,3 +8,5 @@ kube_network_plugin: cilium
 deploy_netchecker: true
 enable_network_policy: true
 dns_min_replicas: 1
+
+auto_renew_certificates: true
diff --git a/tests/files/packet_ubuntu20-calico-aio.yml b/tests/files/packet_ubuntu20-calico-aio.yml
index 7f0b73ad7f49533b5b66b9e83ce8e374bba8321e..2e711dab348a16568e233065fc68b4b6159d858d 100644
--- a/tests/files/packet_ubuntu20-calico-aio.yml
+++ b/tests/files/packet_ubuntu20-calico-aio.yml
@@ -12,3 +12,5 @@ dns_min_replicas: 1
 # Currently ipvs not available on KVM: https://packages.ubuntu.com/search?suite=focal&arch=amd64&mode=exactfilename&searchon=contents&keywords=ip_vs_sh.ko
 kube_proxy_mode: iptables
 enable_nodelocaldns: False
+
+auto_renew_certificates: true