A customer had misconfigured their secret in secretsmanager, updated the private key secret value without updating the corresponding certificate-arn tag, so the handshake from MSK Proxy to MSK Cluster could not complete successfully.
The issue was the certificate-arn tag on the secret still pointed to the old certificate even after they updated the secret value to a new private key that needed certificate-arn tag to point to the new certificate.
A customer had misconfigured their secret in secretsmanager, updated the private key secret value without updating the corresponding certificate-arn tag, so the handshake from MSK Proxy to MSK Cluster could not complete successfully.
The issue was the certificate-arn tag on the secret still pointed to the old certificate even after they updated the secret value to a new private key that needed certificate-arn tag to point to the new certificate.
logging of the issue if it happens: