I wish I’d been aware of this about a month ago.
Rancher stopped accepting LDAP-based web UI logins, and after restarting the Docker instance it won’t start at all.
Significant error in docker logs seems to be:
time="2021-04-05T16:20:20.157240593Z" level=fatal msg="starting tls server: Get https://localhost:6444/apis/apiextensions.k8s.io/v1beta1/customresourcedefinitions: x509: certificate has expired or is not yet valid"
And Rancher Docs: Certificate Rotation says that
“Rotating these certificates is important before the certificates expire”