Certificate question

Hello,
I have rancher 2.2.3 in HA mode (install using helm). Followed this document for the install: https://rancher.com/docs/rancher/v2.x/en/installation/ha/

It was installed with self-signed certificate, and all is well.

Now, I need to remove self-signed certificate and install one from CA (cert from file).

Need guidance on how to accomplish this? Is there a document for this?

Thank you!

Have a look here: https://rancher.com/docs/rancher/v2.x/en/installation/ha/helm-rancher/tls-secrets/

Thanks, following the document, I am trying to remove the existing self-signed cert with:

kubectl -n cattle-system delete secret tls-rancher-ingress

And I get:

secret “tls-rancher-ingress” deleted

However, within seconds the same cert re-appears…
If I run this command, I get “already exists”:

kubectl -n cattle-system create secret tls tls-rancher-ingress --cert=rancher.crt --key=rancher.key 
Error from server (AlreadyExists): secrets "tls-rancher-ingress" already exists

I have the same problem and followed the below steps to overcome the problem. Here cert-manager is recreating it .so need to delete that. I hope this will help.

– Check the cert-manager resources exits
$kubectl get certificaterequests.cert-manager.io -n cattle-system
$kubectl get certificatesigningrequests.certificates.k8s.io -n cattle-system
– Delete:
$kubectl delete certificates.cert-manager.io -n cattle-system tls-rancher-ingress

$kubectl get certificates.cert-manager.io -n cattle-system
No resources found in cattle-system namespace.

–Then rerun the command again
$ kubectl -n cattle-system create secret tls tls-rancher-ingress --cert=rancher.crt --key=rancher.key