In rancher I serve apps on two different domains, let’s call them domain1.com and domain2.com.
To be more precise, each app has a subdomain, e.g. foo.domain1.com.
The wildcard SSL cert for *.domain1.com was expiring so I added a new cert and deleted the old one.
However, now apps with a *.domain1.com name are giving a certificate error and trying to serve the certificate for domain2.com.
My load balancer is using haproxy and it seems that haproxy has not picked up the new cert. If I exec into the container and run " ls /etc/haproxy/certs/current/", I only see “domain2.com_wildcard.pem”.
I have restarted the container and also the load balancer service.
I have no idea why the new certificate is not being deployed.
There is nothing weird in the haproxy container logs, just this warning:
time=“2020-11-03T20:55:43Z” level=info msg=" – reloading haproxy config with the new config changes\n * Reloading haproxy haproxy\n[WARNING] 307/205542 (58) : config : ‘option forwardfor’ ignored for proxy ‘default’ as it requires HTTP mode.\n[WARNING] 307/205543 (60) : config : ‘option forwardfor’ ignored for proxy ‘default’ as it requires HTTP mode.\n …done.\n"
Yes, I know I should be running rancher 2. I will upgrade, but not just yet. In the meantime, some of my sites are being served with a certificate error.