After rancher installation 'your connection is not private' error

I’ve stumbled upon a ‘your connection is not private’ error when I tried to load the IP in the browser after a manual Rancher 2.0 installation/deployment:

sudo docker run -d --restart=unless-stopped -p 80:80 -p 443:443 rancher/rancher

It was a breeze installing/deploying Rancher 1.6; now Rancher 2.0 needs certs installed first before you install Rancher 2.0, per https://rancher.com/docs/rancher/v2.x/en/installation/single-node/

I don’t have any prior knowledge of creating SSL; is there any workaround for this?

It generated certs for Rancher 2.0 by default after the install, but the browser recognized them as not safe. There must be something wrong with the generated certs? *this is a bummer

The forums and issues are watched by the same people. What information in https://github.com/rancher/rancher/issues/15927 was not available to work around your issue?

My dev environment specs, as required provisions:

ubuntu 16.04.5 (installed standard packages with openssh)
docker 17.03.2-ce
virtual-machine: virtual box version 5.2.18
rancher 2.0 stable & latest

I’ve created a self-signed cert using the openssl commands below:

openssl genrsa -out myprivatekey.pem 1024

openssl req -new -x509 -sha256 -nodes -key myprivatekey.pem -out ca-certs.pem -days 3650

and put the keys in an existing folder, /etc/ca-certificate/

Install Rancher 2.0 as “Single Node Install with External Load Balancer”:

docker run -d --restart=unless-stopped \
-p 80:80 -p 443:443 \
-v /etc/ca-certificates/ca-certs.pem:/etc/rancher/ssl/cacerts.pem \
rancher/rancher:latest

docker container log info


And still the “your connection is not private” error persists. The certs provided did not work, though; I tried creating the PEM certs multiple times, still nothing. *sigh* Please help.

The self-signed certificates are always unsafe, because they’re not signed by a trusted third party (the certification authority). The warning will appear unless you either obtain a valid certificate, or require every user to install your certificate as a pseudo CA on their operating system - which is feasible only if there are very few users, and secure only if they trust you to install that certificate. However, from the Docker command you posted I already see the first problem - you’re mounting only the certificate file in your Rancher, but you forgot to mount the private key file as well. And last but not least: NEVER send a private key anywhere outside the machine it’s been generated on, not to mention posting on a public forum. Even if it’s just for local development, it’s a dangerous example for others.

1 Like

Thanks for the reply. I’ve taken out the PEM certs, though I already deleted the old VM box which I used with the certs that I posted here. Also, I’ve installed the signed certs in Chrome for authorization; Chrome still won’t allow it, nor will Edge or Opera. Firefox is working fine, though; it got through with the exception option. I really wanted it to work in all browsers, with working certs manually installed as authorized certs.

This is the method that I used with the certs that were posted here; there is no key included with this method:

https://rancher.com/docs/rancher/v2.x/en/installation/single-node/single-node-install-external-lb/

docker run -d --restart=unless-stopped \
-p 80:80 -p 443:443 \
-v /etc/your_certificate_directory/cacerts.pem:/etc/rancher/ssl/cacerts.pem \
rancher/rancher:latest

Sorry I didn’t notice you selected the LB variant. But are you actually using an external load balancer? This kind of install requires you to install the PEM files on the load balancer (outside of Rancher).

You’d better switch to this: https://rancher.com/docs/rancher/v2.x/en/installation/single-node/

Then the command would be:

docker run -d --restart=unless-stopped \
-p 80:80 -p 443:443 \
-v /<CERT_DIRECTORY>/<FULL_CHAIN.pem>:/etc/rancher/ssl/cert.pem \
-v /<CERT_DIRECTORY>/<PRIVATE_KEY.pem>:/etc/rancher/ssl/key.pem \
-v /<CERT_DIRECTORY>/<CA_CERTS.pem>:/etc/rancher/ssl/cacerts.pem \
rancher/rancher:latest

That’s the problem: I don’t know how to create a full-chain PEM *sigh*. I only know how to create a private key PEM that generates a cert PEM.

Check this reply: https://stackoverflow.com/a/27931596/2583484

1 Like

I’ve written two articles on certificates here: https://medium.com/@superseb/zero-to-rancher-2-x-single-install-using-created-self-signed-certificates-in-5-minutes-5f9fe11fceb0 and https://medium.com/@superseb/get-your-certificate-chain-right-4b117a9c0fce

1 Like
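
The full chain, private key and CA file that the single-node command in the thread mounts (cert.pem, key.pem, cacerts.pem) can be produced with a small private CA. The script below is an added example, not code from any poster or from the Rancher documentation; the CA name "Example Dev CA", the output directory and the host value are assumptions, and it handles IPv4 addresses and hostnames only.

```shell
#!/bin/sh
# Added example: build cert.pem (full chain), key.pem and cacerts.pem
# from a private development CA, then check them before mounting.
# "Example Dev CA" and all paths are assumptions made for this example.
set -eu

make_rancher_certs() {
    host="$1"; out="$2"
    mkdir -p "$out"
    # Browsers match the URL against subjectAltName, not the CN.
    # An IPv4 literal needs an IP: entry, a hostname a DNS: entry.
    case "$host" in
        *[!0-9.]*) san="DNS:$host" ;;
        *)         san="IP:$host" ;;
    esac
    cat > "$out/openssl.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = $host
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
[v3_server]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = $san
EOF
    # 1. CA key and self-signed CA certificate (this becomes cacerts.pem).
    openssl genrsa -out "$out/ca-key.pem" 2048
    openssl req -x509 -new -sha256 -days 365 -key "$out/ca-key.pem" \
        -config "$out/openssl.cnf" -subj "/CN=Example Dev CA" \
        -extensions v3_ca -out "$out/cacerts.pem"
    # 2. Server key and signing request (subject CN comes from the config).
    openssl genrsa -out "$out/key.pem" 2048
    openssl req -new -key "$out/key.pem" -config "$out/openssl.cnf" \
        -out "$out/server.csr"
    # 3. CA signs the request and adds the server extensions, SAN included.
    openssl x509 -req -sha256 -days 365 -in "$out/server.csr" \
        -CA "$out/cacerts.pem" -CAkey "$out/ca-key.pem" -CAcreateserial \
        -extfile "$out/openssl.cnf" -extensions v3_server \
        -out "$out/server.pem"
    # 4. Full chain: server certificate first, then the CA that issued it.
    cat "$out/server.pem" "$out/cacerts.pem" > "$out/cert.pem"
    chmod 600 "$out/ca-key.pem" "$out/key.pem"
}

# The first certificate in cert.pem must chain to cacerts.pem.
verify_chain() {
    openssl verify -CAfile "$1/cacerts.pem" "$1/cert.pem" >/dev/null
}

# key.pem must hold the private half of the public key in cert.pem.
key_matches_cert() {
    a=$(openssl x509 -in "$1/cert.pem" -noout -pubkey | openssl sha256)
    b=$(openssl pkey -in "$1/key.pem" -pubout | openssl sha256)
    [ "$a" = "$b" ]
}

# Print the SAN line of the server certificate with spaces removed.
cert_san() {
    openssl x509 -in "$1/cert.pem" -noout -text \
        | grep -A1 "Subject Alternative Name" | tail -n1 | tr -d ' '
}

# Stand-alone use: ./make-certs.sh <ip-or-hostname> [output-dir]
if [ -n "${1:-}" ]; then
    dir="${2:-./rancher-certs}"
    make_rancher_certs "$1" "$dir"
    verify_chain "$dir" && key_matches_cert "$dir" && cert_san "$dir"
fi
```

Only cert.pem, key.pem and cacerts.pem are mounted into the container; ca-key.pem stays on the machine that generated it. The browser warning goes away only on clients that import cacerts.pem as a trusted authority.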