Hi,
when we installed Rancher in high availability (v2.1.6), we decided to use Let’s Encrypt configuration. Now, we want to use our own certificate or even move the TLS termination to our external load balancer. However, we’re not sure about how to proceed to successfully reconfigure the Rancher cluster…
How can we do this? Is there any way to achieve this in the UI? Do we need to use helm or kubectl?
Thanks in advance
You’ll probably need to use kubectl and Helm to do it. When my SSL expired, I needed to delete the old secret out and recreate one. So in this case, let’s assume you’re wanting to move to a signed SSL with your own certificate. We’ll call your domain - jramcast.com. You have your key and your certs. You put them in files named: tls.crt and tls.key respectively. You’ll need to make sure your kubectl is configured to access the rancher main cluster and run the following:
kubectl -n cattle-system create secret tls tls-rancher-ingress \
  --cert=tls.crt \
  --key=tls.key
Once this secret is created, you can use helm to update your configuration. May be a more graceful way here:
helm upgrade rancher rancher-stable/rancher \
  --set hostname=jramcast.com \
  --set ingress.tls.source=secret
Then you can point your load balancer at the nodes. I’m not sure on offloading the SSL at the LB, but the above works in our environment when we put an LB in front of an HA cluster.
Hope this helps!
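
Added example, not part of the posts above: a pre-flight check to run on tls.crt and tls.key before creating the tls-rancher-ingress secret, so that a mismatched key, a nearly expired certificate or a certificate issued for another hostname is caught before the ingress starts serving it. The function name, return codes and 30-day threshold are assumptions made for this example; it needs only the openssl CLI.

```shell
#!/bin/sh
# check_tls_pair CERT KEY HOST   (hypothetical helper, not part of Rancher)
# Returns: 0 ok
#          1 certificate or key cannot be parsed
#          2 private key does not belong to the certificate
#          3 certificate expires within 30 days (assumed threshold)
#          4 HOST is not covered by the certificate
check_tls_pair() {
    cert=$1
    key=$2
    host=$3

    # Both files must parse as a PEM certificate and a PEM private key.
    openssl x509 -in "$cert" -noout 2>/dev/null || return 1
    openssl pkey -in "$key" -noout 2>/dev/null || return 1

    # The public key inside the certificate must equal the public key
    # derived from the private key. Only public material is compared.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey)
    key_pub=$(openssl pkey -in "$key" -pubout)
    [ "$cert_pub" = "$key_pub" ] || return 2

    # -checkend exits non-zero when the certificate expires within N seconds.
    openssl x509 -in "$cert" -noout -checkend $((30 * 24 * 3600)) \
        >/dev/null || return 3

    # -checkhost reports "does match" / "does NOT match" for SAN or CN.
    openssl x509 -in "$cert" -noout -checkhost "$host" \
        | grep -q 'does match' || return 4

    return 0
}

# Typical use, with the file names and hostname from the answer:
#   check_tls_pair tls.crt tls.key jramcast.com && \
#     kubectl -n cattle-system create secret tls tls-rancher-ingress \
#       --cert=tls.crt --key=tls.key
```

If tls.crt is a chain (leaf followed by intermediates), openssl x509 reads only the first certificate, so the leaf must come first in the file.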