diff --git a/hack/scripts/getk3s.sh b/hack/scripts/getk3s.sh
index a02bbd43..8df8420e 100755
--- a/hack/scripts/getk3s.sh
+++ b/hack/scripts/getk3s.sh
@@ -8,10 +8,10 @@
 set -xe
 
 if [ ! -f "hack/bin/k3s-linux-amd64" ]; then
-	wget -O hack/bin/k3s-linux-amd64 https://github.com/k3s-io/k3s/releases/download/v1.28.14%2Bk3s1/k3s
+	wget -O hack/bin/k3s-linux-amd64 https://github.com/k3s-io/k3s/releases/download/v1.28.15%2Bk3s1/k3s
 fi
 if [ ! -f "hack/bin/k3s-linux-arm64" ]; then
-  wget -O hack/bin/k3s-linux-arm64 https://github.com/k3s-io/k3s/releases/download/v1.28.14%2Bk3s1/k3s-arm64
+  wget -O hack/bin/k3s-linux-arm64 https://github.com/k3s-io/k3s/releases/download/v1.28.15%2Bk3s1/k3s-arm64
 fi
 
 chmod +x hack/bin/k3s-linux-amd64 hack/bin/k3s-linux-arm64
diff --git a/internal/pkg/util/httptls/httptls.go b/internal/pkg/util/httptls/httptls.go
index 93a83b3e..f5ac0d5d 100644
--- a/internal/pkg/util/httptls/httptls.go
+++ b/internal/pkg/util/httptls/httptls.go
@@ -65,6 +65,10 @@ func checkCertificate(domain string) (bool, error) {
 			log.Warnf("domain %s use self-signed certificate", domain)
 			return true, nil
 		}
+		if strings.Contains(err.Error(), "x509: certificate has expired or is not vet valid") {
+			log.Warnf("domain %s tls expired", domain)
+			return true, nil
+		}
 		return false, err
 	}
 	defer func() { _ = resp.Body.Close() }()