From f4162efcb6b544ab9e7639c2fffe841605ff7d31 Mon Sep 17 00:00:00 2001
From: hc-github-team-nomad-core
 <82989552+hc-github-team-nomad-core@users.noreply.github.com>
Date: Tue, 7 Nov 2023 19:15:31 -0600
Subject: [PATCH] backport of commit ab36cf031c80253d9c2827852f8ecbeae3d6ff5b
 (#19027)

Co-authored-by: Luiz Aoqui <luiz@hashicorp.com>
---
 .changelog/18985.txt              | 3 +++
 client/vaultclient/vaultclient.go | 1 +
 2 files changed, 4 insertions(+)
 create mode 100644 .changelog/18985.txt

diff --git a/.changelog/18985.txt b/.changelog/18985.txt
new file mode 100644
index 000000000000..432582a858f4
--- /dev/null
+++ b/.changelog/18985.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+vault: Fixed an issue that could cause Nomad to attempt to renew a Vault token that is already expired
+```
diff --git a/client/vaultclient/vaultclient.go b/client/vaultclient/vaultclient.go
index b17bb614d781..c68424418c71 100644
--- a/client/vaultclient/vaultclient.go
+++ b/client/vaultclient/vaultclient.go
@@ -391,6 +391,7 @@ func (c *vaultClient) renew(req *vaultClientRenewalRequest) error {
 	fatal := false
 	if renewalErr != nil &&
 		(strings.Contains(renewalErr.Error(), "lease not found or lease is not renewable") ||
+			strings.Contains(renewalErr.Error(), "invalid lease ID") ||
 			strings.Contains(renewalErr.Error(), "lease is not renewable") ||
 			strings.Contains(renewalErr.Error(), "token not found") ||
 			strings.Contains(renewalErr.Error(), "permission denied")) {