Certificate Issue: Same serial number as another certificate


#1

Hello,

I’m using Rancher v2.1.6 for 2 different HA setups. Both are using the NGINX load balancer. Both have a DNS name in our system in the same domain. They are in different subnets, vlans, hosts and VM’s being setup. The first one I was able to access fine until today. All of a sudden I get this error:

You have received an invalid certificate. Please contact the server administrator or email correspondent and give them the following information: Your certificate contains the same serial number as another certificate issued by the certificate authority. Please get a new certificate containing a unique serial number. Error code: SEC_ERROR_REUSED_ISSUER_AND_SERIAL

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.

I’ve tried deleting files from Firefox for this, but it doesn’t make a difference. Tried this on another machine as well that had never accessed the Rancher sites I created and I still get the same issue. How do I fix this? I plan on building this several times, sometimes with rke, sometimes without, but I may wind up installing Rancher afterwards, so I don’t want these kinds of problems to persist if we keep building more and more Rancher clusters. I’m not sure if there’s some particular cert thing I’m supposed to do, but I basically went thru the HA steps on the Rancher page to make this work. Any help is appreciated.


#2

I can get this to work in IE (Well not really it doesn’t load the site), Edge and Chrome, but not Firefox. In IE I just added the certs for the site and for cattle-ca into the Trusted Root and it’s working for Edge and Chrome, but still failing in Firefox.