Rancher HA install: HTTP GET fails for catalogs because they're trying to connect to git.rancher.io w/ my.domain cert

I just deployed Rancher HA with ‘Certificates from Files’ per this document:


This was the command I used to run the helm install:

helm install rancher-stable/rancher --name rancher --namespace cattle-system --set hostname=rancher.my.domain --set ingress.tls.source=secret

Then I created the cert secrets per this document:


All seemed to go well but looking over the install, when I navigate to:

Global > Tools > Catalogs

Enabled catalogs give error messages such as the following:

For ‘Library’:

Error in HTTP GET to [https://git.rancher.io/charts/index.yaml], error: Get https://git.rancher.io/charts/index.yaml: x509: certificate is valid for *.my.domain, my.domain, not git.rancher.io

For ‘Helm Stable’:

Error in HTTP GET to [https://kubernetes-charts.storage.googleapis.com/index.yaml], error: Get https://kubernetes-charts.storage.googleapis.com/index.yaml: x509: certificate is valid for *.my.domain, my.domain, not kubernetes-charts.storage.googleapis.com

This surprises me as my understanding is that the certificate I supplied during the Helm install was simply for SSL termination to the Rancher UI. Why is Rancher trying to use this certificate to connect to the catalog repos and how can I fix this?

Also on the bottom of the Catalogs page under the ‘system-library’ catalog it says:
Clone failed: Cloning into 'management-state/catalog-cache/2284e9d6c1e82c5a56a5cb7c1d5c0144835734b1b66da6f75122d99c7989618f'... fatal: unable to access 'https://git.rancher.io/system-charts/': SSL: certificate subject name (*.my.domain) does not match target host name 'git.rancher.io' : exit status 128

Identified problem and found a workaround that suits me. For those interested, see my last post on this issue.