Hi,
I just deployed Rancher HA with ‘Certificates from Files’ per this document:
https://rancher.com/docs/rancher/v2.x/en/installation/ha/helm-rancher/
This was the command I used to run the helm install:
helm install rancher-stable/rancher --name rancher --namespace cattle-system --set hostname=rancher.my.domain --set ingress.tls.source=secret
Then I created the cert secrets per this document:
https://rancher.com/docs/rancher/v2.x/en/installation/ha/helm-rancher/tls-secrets/
All seemed to go well but looking over the install, when I navigate to:
Global > Tools > Catalogs
Enabled catalogs give error messages such as the following:
For ‘Library’:
Error in HTTP GET to [https://git.rancher.io/charts/index.yaml], error: Get https://git.rancher.io/charts/index.yaml: x509: certificate is valid for *.my.domain, my.domain, not git.rancher.io
For ‘Helm Stable’:
Error in HTTP GET to [https://kubernetes-charts.storage.googleapis.com/index.yaml], error: Get https://kubernetes-charts.storage.googleapis.com/index.yaml: x509: certificate is valid for *.my.domain, my.domain, not kubernetes-charts.storage.googleapis.com
This surprises me as my understanding is that the certificate I supplied during the Helm install was simply for SSL termination to the Rancher UI. Why is Rancher trying to use this certificate to connect to the catalog repos and how can I fix this?