Hi,
Are the following steps to renew a private CA certificate (GeoTrust) for Rancher HA (v2.2.3) correct?
-
Load balancer (Nginx): replace certificate with the new one
-
Rancher cluster:
kubectl -n cattle-system delete secret tls-rancher-ingress
kubectl -n cattle-system create secret tls tls-rancher-ingress --cert=tls.crt --key=tls.key (tls.crt is chained) -
For every K8s cluster
- Upload and replace the certificate in Rancher UI used in projects with the new one
- Rotate certificate for all services
Thanks!