Certificate issue on cluster upgraded from annual certs to 10 year certs

Upgraded an RKE 0.1.9 cluster of Kubernetes 1.11.1 and Rancher 2.0.8 to latest versions. Also was done in attempt to rotate certificates from yearly to 10 years.
Cluster all upgraded OK and RKE, Rancher and kubernetes all the latest stable versions. Certificates claim to have rotated OK and I can see them in /etc/kubernetes/ssl with 10 year lifetimes. I can also use rke to rotate and that runs OK with no errors.
However, /etc/kubernetes/.tmp still contains old certificates and so do secrets in UI.
Can I just copy the certs from ssl to .tmp ?
Will they then get picked up automatically in UI ?