You’ll probably need to use kubectl and Helm to do it. When my SSL expired, I needed to delete the old secret out and recreate one. So in this case, let’s assume you’re wanting to move to a signed SSL with your own certificate. We’ll call your domain - jramcast.com You have your key and your certs. You put them in files named: tls.crt and tls.key respectively. You’ll need to make sure you’re kubectl is configured to access the rancher main cluster and run the following:
kubectl -n cattle-system create secret tls tls-rancher-ingress
Once this secret is created, you can use helm to update your configuration. May be a more graceful way here:
helm upgrade rancher rancher-stable/rancher
Then you can point your loadbalancer at the nodes. I’m not sure on offloading the SSL at the LB, but the above works in our environment when we put an LB in front of an HA cluster.
Hope this helps!