I have rancher 2.2.4 in HA…
When I first installed rancher, it had self-signed cert, with this command:
helm install rancher-latest/rancher \
--name rancher \
--namespace cattle-system \
--set hostname=rancher.my.org
After few weeks, did helm upgrade rancher, and using real certificate:
helm repo add rancher-stable https://releases.rancher.com/server-charts/stable
helm upgrade rancher rancher-stable/rancher \
--namespace cattle-system \
--set hostname=rancher.my.org \
--set ingress.tls.source=secret \
--set privateCA=true
kubectl -n cattle-system delete secret tls-rancher-ingress
kubectl -n cattle-system create secret tls tls-rancher-ingress --cert=tls.crt --key=tls.key
kubectl -n cattle-system create secret generic tls-ca --from-file=cacerts.pem
After this point, my custom cluster took several minutes, but it came back.
However, I am now seeing these:
time="2019-07-01T14:21:16Z" level=info msg="Connecting to wss://rancher.my.org/v3/connect with token <my_token>"
time="2019-07-01T14:21:16Z" level=info msg="Connecting to proxy" url="wss://rancher.my.org/v3/connect"
time="2019-07-01T14:21:16Z" level=error msg="Failed to connect to proxy" error="x509: certificate signed by unknown authority"
time="2019-07-01T14:21:16Z" level=error msg="Failed to connect to proxy" error="x509: certificate signed by unknown authority"
I am trying to figure out what is causing this and how can I resolve it?
Thank you!