The above link includes references to rotating certs that have expired but still requires use of the webUI. Do I need to get the working somehow (is something else keeping it from starting than the expired certs?) or do I need some other method from a CLI?
Turns out I had two problems. I had to fix the webUI, then it was simple to rotate the certs.
We’re a small shop running an 11 node K8S cluster on bare metal, and I run rancher on a VM in a docker container. At some point recently rancher changed their requirements so that their docker image now needs to run in privileged mode. Changed that and it broke out of its restart loop.