Add alternate certs to load balancer via API

Ok, I’ve spent a ton of time trying to add additional certificates to my load balancer via the API and I’m officially out of ideas. I’m getting happy 202 responses, but the resource is not being changed. I feel like I have to be missing something stupid here. Shouldn’t the following work?

curl -X "POST" "https://myrancher.com/v1/loadbalancerservices/1s205/?action=update" \
    -H "Content-Type: application/json" \
    -H "Authorization: Basic ABC123" \
    -H "Accept: application/json" \
    -d "{ \"certificateIds\": [ \"1c13\" ] }"

(note that I’m doing this from a Node app, so the curl example is just for demonstrating the request)

I can add that same cert in the Rancher UI and then see that it’s added to the array in the API explorer, but I can’t seem to figure out how you add it with the API. Any help would be greatly appreciated. Thanks!

Couple things…

  • Use PUT to the links.self URL to update resources, not the update action. It exists mostly as a framework side-effect and will be removed eventually.

  • There are 2 fields, defaultCertificateId (which will be used if SNI matches or there is no SNI in the request) and certificateIds (additional ones that will be used if there is SNI and the name matches).

  • If you just picked one cert from the UI you probably have it in defaultCertificateId, so by adding a different one to certificateIds you’re just adding an alternate cert as an option, not changing the default one.

vincent:~ vincent$ curl -s -u 'access:secret' \
http://host:8080/v1/loadbalancerservices/1s7 \
| jq .defaultCertificateId,.certificateIds
"1c1"
[
  "1c2"
]

vincent:~ vincent$ curl -s -u 'access:secret' \
-X PUT  -H 'Content-Type: application/json' \
-d '{"defaultCertificateId": "1c3", "certificateIds": ["1c4","1c5"]}' \
http://host:8080/v1/loadbalancerservices/1s7
{...new copy of balancer...}

vincent:~ vincent$ curl -s -u 'access:secret' \
http://host:8080/v1/loadbalancerservices/1s7 \
| jq .defaultCertificateId,.certificateIds
"1c3"
[
  "1c4",
  "1c5"
]

Thanks Vincent.

I already have a wildcard cert set as the default, so I’m just trying to automate adding alternate certs when adding links to services that aren’t covered by that wildcard.

I assumed your suggestion was the correct approach, but I was getting a 405 - Method not allowed every time (which is how I ended up trying that ?action=update). But then I just figured out the real problem… I was doing POST instead of PUT. Oops. :)

It’s always the stupid little things.

Everything’s working now. Thanks for the response!
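
The flow the thread settles on, as an added example that is not from either poster or from Rancher: GET the balancer, merge the new IDs into certificateIds, PUT to links.self, then re-read to confirm the change landed. It assumes Node 18+ for the global fetch and Basic auth with API keys as in the curl -u calls above; basicAuth, planCertUpdate and addAlternateCerts are hypothetical names.

```javascript
// Added example: read-modify-write of certificateIds on a Rancher v1 balancer.
// Assumes Node 18+ (global fetch); function names are illustrative.

function basicAuth(accessKey, secretKey) {
  // Same scheme as curl -u 'access:secret'; load the keys from env, not source.
  return 'Basic ' + Buffer.from(`${accessKey}:${secretKey}`).toString('base64');
}

// Pure step: decide the PUT target and body from the current resource.
function planCertUpdate(service, extraIds) {
  const url = service.links && service.links.self;
  if (!url) throw new Error('resource has no links.self URL');
  const current = service.certificateIds || [];
  // Union keeps the alternates already attached and drops duplicates.
  const merged = [...new Set([...current, ...extraIds])];
  return {
    url,
    changed: merged.length !== current.length,
    // Default cert is sent back unchanged so only the alternates differ.
    body: {
      defaultCertificateId: service.defaultCertificateId,
      certificateIds: merged,
    },
  };
}

async function addAlternateCerts(serviceUrl, extraIds, auth, fetchImpl = fetch) {
  const headers = { Authorization: auth, Accept: 'application/json' };
  const res = await fetchImpl(serviceUrl, { headers });
  if (!res.ok) throw new Error(`GET failed: ${res.status}`);
  const plan = planCertUpdate(await res.json(), extraIds);
  if (!plan.changed) return plan.body.certificateIds;

  const put = await fetchImpl(plan.url, {
    method: 'PUT', // POST to this URL is what produced the 405 in the thread
    headers: { ...headers, 'Content-Type': 'application/json' },
    body: JSON.stringify(plan.body),
  });
  if (!put.ok) throw new Error(`PUT failed: ${put.status}`);

  // A 2xx alone proved nothing in the thread, so re-read and compare.
  const after = await (await fetchImpl(plan.url, { headers })).json();
  const have = after.certificateIds || [];
  const missing = extraIds.filter((id) => !have.includes(id));
  if (missing.length) throw new Error(`not applied: ${missing.join(', ')}`);
  return have;
}
```

Passing a stub as fetchImpl lets the merge and verify logic be exercised without touching a live Rancher server.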