Hi all,

In Azure I have set up the following.

  • 3 rancher servers with a load balancer in front of them
  • A mysql database that Rancher connects to
  • A swarm environment with 3 nodes
  • An Azure Container Registry

All in the same resource group and subnet.

On the 3 rancher servers I configured SSL by spinning up an nginx container on each server. The certificates are self-signed (at the moment). I copied the .crt file to /var/lib/rancher/etc/ssl on the 3 nodes of the swarm cluster. When I try to add the hosts I get the error below:

Updating certificates in /etc/ssl/certs…
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d…

INFO: Running Agent Registration Process, CATTLE_URL=
INFO: Attempting to connect to:
ERROR: is not accessible

When I do a curl I get:

[root@decoratorproxynode1 ~]curl -v --insecure
* About to connect() to port 443 (#0)
*   Trying
* Connected to ( port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* skipping SSL peer certificate verification
* SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate:
*       subject: CN=rancherserver1,OU=CLOUD,O=NS,L=Default City,C=NL
*       start date: May 11 14:20:04 2017 GMT
*       expire date: May 11 14:20:04 2018 GMT
*       common name: rancherserver1
*       issuer: CN=rancherserver1,OU=CLOUD,O=NS,L=Default City,C=NL
 GET /v1 HTTP/1.1
 User-Agent: curl/7.29.0
 Accept: */*

 HTTP/1.1 401 Unauthorized
 Server: nginx/1.13.0
 Date: Mon, 22 May 2017 10:45:26 GMT
 Content-Type: application/json; charset=utf-8
 Content-Length: 177
 Connection: keep-alive
 Expires: Thu, 01 Jan 1970 00:00:00 GMT
 Set-Cookie: PL=rancher;Path=/
 Www-Authenticate: Basic realm="Enter API access key and secret key as username and password"
 X-Rancher-Version: v1.6.0

* Connection #0 to host left intact

Can anyone help me out? No clue what I am doing wrong :).

For completeness, you did follow the steps described in ?

I would like to see the curl output from within the agent container that you tried to start, and without the --insecure flag.

And you are connecting over IP while your certificate only has the CN of rancherserver1, as I can see?
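
The name check raised in the last reply can be reproduced offline. The following is an added example, not part of the thread: it builds a throwaway certificate with only CN=rancherserver1 (as in the curl output above) and a second one with subjectAltName entries, then asks OpenSSL which names each is valid for. The address 10.0.0.4 and the file names are constructed, and `-addext` assumes OpenSSL 1.1.1 or newer.

```sh
#!/bin/sh
# Added example: certificates, file names and the address 10.0.0.4 are constructed.

# Create a throwaway self-signed certificate.
# $1 = output path prefix, $2 = CN, $3 = optional subjectAltName value.
make_cert() {
  if [ -n "${3:-}" ]; then
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
      -keyout "$1.key" -out "$1.crt" -addext "subjectAltName=$3" 2>/dev/null
  else
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
      -keyout "$1.key" -out "$1.crt" 2>/dev/null
  fi
}

# Return 0 if the certificate is valid for the given name.
# $1 = certificate, $2 = "host" (DNS name) or "ip" (literal address), $3 = value.
cert_matches() {
  openssl x509 -in "$1" -noout "-check$2" "$3" | grep -q 'does match'
}

# Print one line per check so the result is readable when run by hand.
report() {
  if cert_matches "$1" "$2" "$3"; then
    echo "$(basename "$1") vs $3: match"
  else
    echo "$(basename "$1") vs $3: MISMATCH"
  fi
}

tmp=$(mktemp -d)

# Same shape as the certificate in the curl output: CN only, no subjectAltName.
make_cert "$tmp/cn_only" rancherserver1
# Reissued with the name and the address clients connect to as SAN entries.
make_cert "$tmp/with_san" rancherserver1 "DNS:rancherserver1,IP:10.0.0.4"

report "$tmp/cn_only.crt"  host rancherserver1   # name equals the CN
report "$tmp/cn_only.crt"  ip   10.0.0.4         # an IP never equals the CN
report "$tmp/with_san.crt" host rancherserver1
report "$tmp/with_san.crt" ip   10.0.0.4
```

To inspect an existing certificate instead, point `cert_matches` at the .crt file copied to the agent hosts and pass the host part of the registration URL.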