ERROR: https://{SERVER IP}/v1 is not accessible

Hi all,

In Azure I have set up the following.

  • 3 rancher servers with a loadbalancer in front of it
  • A mysql database that Rancher connects to
  • A swarm environment with 3 nodes
  • An Azure Container Registry

All in the same resource group and subnet.

On the 3 rancher servers I configured SSL by spinning up an nginx container on each server. The certificates are self-signed (at the moment). I copied the .crt file to /var/lib/rancher/etc/ssl on the 3 nodes of the swarm cluster. When I try to add the hosts I get the error below:

Updating certificates in /etc/ssl/certs…
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d…
done.

INFO: Running Agent Registration Process, CATTLE_URL=https://10.0.0.4/v1
INFO: Attempting to connect to: https://10.0.0.4/v1
ERROR: https://10.0.0.4/v1 is not accessible

When I do a curl I get:

[root@decoratorproxynode1 ~]curl -v --insecure https://10.0.0.4/v1
* About to connect() to 10.0.0.4 port 443 (#0)
*   Trying 10.0.0.4...
* Connected to 10.0.0.4 (10.0.0.4) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* skipping SSL peer certificate verification
* SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate:
*       subject: CN=rancherserver1,OU=CLOUD,O=NS,L=Default City,C=NL
*       start date: May 11 14:20:04 2017 GMT
*       expire date: May 11 14:20:04 2018 GMT
*       common name: rancherserver1
*       issuer: CN=rancherserver1,OU=CLOUD,O=NS,L=Default City,C=NL
 GET /v1 HTTP/1.1
 User-Agent: curl/7.29.0
 Host: 10.0.0.4
 Accept: */*

 HTTP/1.1 401 Unauthorized
 Server: nginx/1.13.0
 Date: Mon, 22 May 2017 10:45:26 GMT
 Content-Type: application/json; charset=utf-8
 Content-Length: 177
 Connection: keep-alive
 Expires: Thu, 01 Jan 1970 00:00:00 GMT
 Set-Cookie: PL=rancher;Path=/
 Www-Authenticate: Basic realm="Enter API access key and secret key as username and password"
 X-Api-Schemas: https://10.0.0.4/v1/schemas
 X-Rancher-Version: v1.6.0

* Connection #0 to host 10.0.0.4 left intact
{"id":"bb25794b-8573-4ce2-aa64-076d97cf505c","type":"error","links":{},"actions":{},"status":401,"code":"Unauthorized","message":"Unauthorized","detail":null,"baseType":"error"}
[root

Can anyone help me out? No clue what I am doing wrong :).

For completeness, you did follow the steps described in http://docs.rancher.com/rancher/v1.6/en/installing-rancher/installing-server/basic-ssl-config/#using-self-signed-certs-beta ?

I would like to see the curl output from within the agent container that you tried to start, and without the --insecure flag.

And you are connecting over IP while your certificate only has the CN of rancherserver1, as I can see?
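
The name check raised in the last reply, as an added example that is not part of the original thread or Rancher's code: a strict RFC 2818-style matcher run against a certificate dict shaped like Python's `ssl.SSLSocket.getpeercert()` output. The subject is copied from the curl output above; the absence of a subjectAltName on that certificate and the reissued certificate are assumptions, and real clients differ in how lenient they are.

```python
import ipaddress

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def _dns_match(pattern, host):
    """Case-insensitive label match; '*' only as the whole left-most label."""
    p, h = pattern.lower().split("."), host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        p, h = p[1:], h[1:]
    return p == h

def cert_matches(cert, target):
    """True if the certificate is valid for the host part of the URL."""
    sans = cert.get("subjectAltName", ())
    if _is_ip(target):
        # An IP target only matches an iPAddress SAN, never the CN.
        want = ipaddress.ip_address(target)
        return any(kind == "IP Address" and ipaddress.ip_address(v) == want
                   for kind, v in sans)
    dns_names = [v for kind, v in sans if kind == "DNS"]
    if dns_names:
        return any(_dns_match(n, target) for n in dns_names)
    # Legacy fallback: no dNSName SAN present, so compare the commonName.
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn
           if k == "commonName"]
    return any(_dns_match(cn, target) for cn in cns)

# Subject from the curl output in the question; assumed to carry no SAN.
PAGE_CERT = {"subject": ((("countryName", "NL"),),
                         (("organizationName", "NS"),),
                         (("commonName", "rancherserver1"),))}
# Constructed: the same certificate reissued with SAN entries.
REISSUED = dict(PAGE_CERT, subjectAltName=(("DNS", "rancherserver1"),
                                           ("IP Address", "10.0.0.4")))

if __name__ == "__main__":
    for label, cert in (("as issued", PAGE_CERT), ("with SAN", REISSUED)):
        for target in ("10.0.0.4", "rancherserver1"):
            print(label, target, cert_matches(cert, target))
```

With the certificate as issued, only `rancherserver1` matches, so an agent pointed at `https://10.0.0.4/v1` fails verification even when the certificate itself is trusted.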