Expired certs, not rotating after upgrade

Hy there!
I read the main conversations in this topic.
I have 2 nodes, 1 for only the rancher ui, and one for the control, etcd, and apps. I installed this setup exactly one years ago. The certs expired so I upgraded to rancher:latest, and started to read all the cert docs:

  • original doc I have the pem, clicked the rotate, still not communicating the rancher instance with the cluster. All of my certs on the server are still old.
  • original issue no idea what is the cluster.yml, didn’t find concrete documentation if this should be available somewhere or I should create it
  • I tried to restart the kubelet and kube-proxy, but bcs the files are not refreshing these did nothing.
  • I tried to cp the ssl dir to the .tmp dir, still nothing (and hit the refresh all on the ui)
  • issues/20822 did not helped either bcs I had no Provisioned line at the end of the log, and even when I wrote one by hand, nothing happened…

Can I manually update the apiserver cert? So after that the rotate would work I gess. I can ssh/console into all of the containers/node, so if sb can cleare some air I think I can fix this, but I didn’t find enough information.

(PS.: The number of links restriction is a joke, how should I describe the problem if I cant give sources?)

Having similar issue. Started at ver 2.1.0. Certs expired and no clear path to renewing them. Updated to 2.3.0. Rotate certs did nothing to renew them and now cluster is not available.
Hope you are having better luck.

Yepp I went to 2.3 and one of the materials have a github issue which tells you to modify the provisioned from true to false in a yaml. That pushed my cluster back to provisioning state and after ~10min of error messages it webt to green.

When I did the same with 2.2.4 it didnt changed back the state which is odd.

Edit: googled the issue: https://github.com/rancher/rancher/issues/20822