[solved] Rancher 2.6.x Ingress Controller SSL failing

[Newbie here]
I’m trying to deploy a simple Rancher server 2.6.2 under Docker on Rocky Linux 8. I could find some tutorials for Rancher 2.X, but none specific to 2.6, so I had to guess some steps. I’d appreciate it if someone could explain to me what I’m missing in my setup.
I was able to deploy node-port services, but I’m not able to deploy the workload through Ingress. Here are my basic steps; I’m not sure whether I’m missing some steps or where my error is:

  • set up (Docker) Rancher with a valid --acme-domain (Rocky Linux server)
  • create a local cluster with RKE1 (web UI)
  • register the repo https://charts.jetstack.io (web UI)
  • kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.6.0/cert-manager.crds.yaml (run in the web kubectl shell)
  • install cert-manager in the namespace cert-manager (web UI)
  • install Issuer AutoSign (for testing) https://cert-manager.io/docs/configuration/selfsigned/ (web import yaml)
  • create a Deployment rancher/hello-world, Cluster IP, port 80 (web UI)
  • finally, go to Service Discovery->Ingresses->Create:
      - filled request host, prefix “/”, target service with port
      - added Certificate “aaaaaaaa” with the same host
      - added label cert-manager.io/issuer=selfsigned-issuer
      - ‘Save and wait’

When I try to access the new domain/URL, the browser automatically redirects to HTTPS and returns Error code: SSL_ERROR_INTERNAL_ERROR_ALERT

Output of curl -k -v http://hellomydomain:

*   Trying MY.IP...
* TCP_NODELAY set
* Connected to hello.my.domain (MY.IP) port 80 (#0)
> GET / HTTP/1.1
> Host: hello.my.domain
> User-Agent: curl/7.61.1
> Accept: */*
>
< HTTP/1.1 302 Found
< Content-Type: text/html; charset=utf-8
< Location: https :// hellomydomain /
< Date: Thu, 28 Oct 2021 13:41:20 GMT
< Content-Length: 57
<
<a href="https :// hellomydomain /">Found</a>.

Output of curl -k -v https://hellomydomain:

* Rebuilt URL to: https :// hellomydomain/
*   Trying MY.IP...
* TCP_NODELAY set
* Connected to hello.my.domain (MY.IP) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS alert, internal error (592):
* error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error
* Closing connection 0
curl: (35) error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error

Thanks

Solved: I was using ports 80 and 443 for both Rancher and the node (same machine). I changed to 8080 and 8443 and all was fine :sunny:

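A check for the port collision described in the solution, as an added example that is not part of the original post: it parses `docker ps` port mappings and lists containers that publish host ports 80 or 443, the ports the ingress controller on the same node needs. The container name `rancher` and both sample lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): list containers that publish the
# host ports an ingress controller on the same node needs (default 80 and 443).
# Input on stdin: "<name>|<ports>" lines, as produced by
#   docker ps --format '{{.Names}}|{{.Ports}}'

find_port_conflicts() {
    watched="${1:-80 443}"
    while IFS='|' read -r name ports; do
        [ -n "$ports" ] || continue
        # One mapping per line, e.g. "0.0.0.0:80->80/tcp" or ":::443->443/tcp"
        printf '%s\n' "$ports" | tr ',' '\n' | while read -r mapping; do
            case "$mapping" in
                *'->'*) ;;        # bound on the host
                *) continue ;;    # exposed only, nothing bound on the host
            esac
            host_side="${mapping%%->*}"    # "0.0.0.0:80"
            host_port="${host_side##*:}"   # "80", or a range such as "79-81"
            lo="${host_port%%-*}"
            hi="${host_port##*-}"
            for p in $watched; do
                if [ "$p" -ge "$lo" ] && [ "$p" -le "$hi" ]; then
                    printf '%s %s\n' "$name" "$p"
                fi
            done
        done
    done | sort -u
}

# Constructed sample: Rancher container started with -p 80:80 -p 443:443
sample_before() {
    printf '%s\n' 'rancher|0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp'
}

# Constructed sample: same container after moving to host ports 8080 and 8443
sample_after() {
    printf '%s\n' 'rancher|0.0.0.0:8080->80/tcp, :::8080->80/tcp, 0.0.0.0:8443->443/tcp, :::8443->443/tcp'
}

echo "before:"; sample_before | find_port_conflicts
echo "after:";  sample_after  | find_port_conflicts
```

Any container listed here answers on 80/443 in place of the ingress controller, which matches the symptom in the curl output: the request reaches a listener that has no certificate for the ingress host.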