Can't register node when using letsEncrypt

I’ve set up a new Rancher 2.1.6 system. I then added a letsencrypt cert for the rancher server. This is working fine. I can connect to https://rancher… and all’s good…

However when I try to create a new cluster and add a node in… it’s not working.

time="2019-03-04T09:04:18Z" level=info msg="Connecting to proxy" url="wss://rancher…/v3/connect/register"
time="2019-03-04T09:04:18Z" level=error msg="Failed to connect to proxy" error="x509: certificate signed by unknown authority"
time="2019-03-04T09:04:18Z" level=error msg="Failed to connect to proxy" error="x509: certificate signed by unknown authority"

So it looks like the container does have the LetsEncrypt certificates registered.

I’m using rancherOS to run the nodes, and they also don’t appear to have the letsEncrypt certs installed…

curl 'https://rancher…/ping'
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

I can fix this by adding the certificate to the cert store in /etc/ca-certificates.conf

Why aren’t the LetsEncrypt certs installed by default??