Can't access cluster from kubectl after Rancher certificate update

Hello,

I am using Rancher 2.8. I replaced the default certificate with a new one following the “Updating from a Private CA Certificate to a Public CA Certificate” procedure from Updating the Rancher Certificate | Rancher

I used the full certificate chain, but after updating the certificate I cannot access the underlying cluster even when I replace the KubeConfig file. The message I get is:
“Unable to connect to the server: tls: failed to verify certificate: x509: certificate signed by unknown authority”

I ran the superseb/ranchercheck script and it reports:
Certificate chain is complete, connection to https://rancher.example.com established successfully.

Please help or point me in a new direction, I’m going around in circles.
Thank you.


Just asking, have you imported the RootCA to your machines?

Hello @wioxjk thank you for answering.

I haven’t imported the RootCA to any machines. Would this be the local cluster machine (i.e. the Rancher manager) or the remote cluster nodes? Why is only the RootCA needed in that case?

I only did a force update from Continuous Delivery as indicated by the procedure. Could you send me the procedure to import the certificates to the nodes that need to be updated?

Depending on the machine you are running kubectl from, you might want to look into a different way of importing your RootCA into that one.

https://ubuntu.com/server/docs/security-trust-store

https://www.eduhk.hk/ocio/content/faq-how-add-root-certificate-mac-os-x

Anyway, you probably need to import the root cert into Rancher as well:

I tried adding the certificate to the client machine, this did not change the error.
I’m having trouble with this one: About Custom CA Root Certificates | Rancher
My Rancher manager was not installed with Docker. I’m assuming there should be an equivalent of this action for the Helm chart, but I was not able to find it. Could you help with this?

Thank you 🙂

Did you check this?

Hello, I have: the remote cluster becomes unavailable if I do this. I tried a bunch of other posts related to this, but I still did not resolve the problem.
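As an added diagnostic helper (not code from this thread or from Rancher), the script below checks whether the CA embedded in a kubeconfig is the same CA that is supposed to sign the Rancher endpoint, which is the usual cause of the "certificate signed by unknown authority" error after a certificate rotation. It assumes openssl is installed; the two self-signed certificates are constructed stand-ins for the old private CA and the new public CA, and rancher.example.com is the placeholder host from the thread.

```shell
#!/bin/sh
# Added example: compare the CA a kubeconfig trusts with a given CA file.
# Assumes openssl and base64 are available. Not a YAML parser: it reads the
# first certificate-authority-data line with grep/sed.
set -eu

# SHA-256 fingerprint of a PEM certificate file.
cert_fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 | sed 's/^.*=//'
}

# Fingerprint of the CA embedded in a kubeconfig's certificate-authority-data.
kubeconfig_ca_fingerprint() {
  tmp=$(mktemp)
  grep -m1 'certificate-authority-data:' "$1" \
    | sed 's/.*certificate-authority-data:[[:space:]]*//' \
    | base64 -d > "$tmp"
  cert_fingerprint "$tmp"
  rm -f "$tmp"
}

# Returns 0 when the kubeconfig trusts the CA in $2, 1 otherwise.
kubeconfig_trusts_ca() {
  [ "$(kubeconfig_ca_fingerprint "$1")" = "$(cert_fingerprint "$2")" ]
}

# Constructed demo data: two throwaway self-signed certificates standing in
# for the old private CA and the new public CA.
workdir=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=old-private-ca' \
  -keyout "$workdir/old.key" -out "$workdir/old.pem" 2>/dev/null
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=new-public-ca' \
  -keyout "$workdir/new.key" -out "$workdir/new.pem" 2>/dev/null

# A kubeconfig that still carries the old CA, as after a rotation without
# re-downloading the file from Rancher (constructed, placeholder cluster id).
cat > "$workdir/kubeconfig" <<EOF
apiVersion: v1
clusters:
- cluster:
    server: https://rancher.example.com/k8s/clusters/c-placeholder
    certificate-authority-data: $(base64 < "$workdir/old.pem" | tr -d '\n')
  name: example
EOF

if kubeconfig_trusts_ca "$workdir/kubeconfig" "$workdir/new.pem"; then
  echo "kubeconfig already trusts the new CA"
else
  echo "kubeconfig still trusts the old CA: re-download it from Rancher"
fi
```

To check a live endpoint instead of a file, point openssl at the server with the CA you expect, e.g. `openssl s_client -connect rancher.example.com:443 -servername rancher.example.com -CAfile new.pem </dev/null`, and look for "Verify return code: 0 (ok)".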