[solved] Rancher 2.6.x Ingress Controller SSL failing

[Newbie here]
I’m trying to deploy a simple rancher server 2.6.2 under docker at Rocky Linux 8, I could find some tutorials for Rancher 2.X, but none specific for 2.6 so I had to guess some steps, if someone could explain to me what I’m missing in my setup.
I was able to deploy node-port services, but I’m not able to deploy the workload through Ingress, here is my basic steps and I’m not sure if I’m lacking some steps or where is my error:

  • setup (docker) rancher with a valid --acme-domain (Rocky linux server)
  • create a local cluster with RKE1 (web UI)
  • registry repo https ://charts.jetstack.io (web UI)
  • kubectl apply -f https ://github.com/jetstack/cert-manager/releases/download/v1.6.0/cert-manager.crds.yaml (run in the web kubectl shell)
  • install cert-manager in the namespace cert-manager (web UI)
  • Install Issuer AutoSign (for testing) https ://cert-manager.io/docs/configuration/selfsigned/ (web import yaml)
  • create a Deployment rancher/hello-world, Cluster IP, port 80 (web UI)
  • Finally, goto Service Discovery->Ingresses->Create:
  • -Filled request host, prefix “/”, target service with port
  • -added Certificate “aaaaaaaa” with the same host
  • -added label cert-manager.io/issuer=selfsigned-issuer
  • -‘Save and wait’

When I try to access the new domain/URL the browser automatically redirects to HTTPS, and returns Error code: SSL_ERROR_INTERNAL_ERROR_ALERT

Output curl -k -v http : // hellomydomain

*   Trying MY.IP...
* Connected to hello.my.domain (MY.IP) port 80 (#0)
> GET / HTTP/1.1
> Host: hello.my.domain
> User-Agent: curl/7.61.1
> Accept: */*
< HTTP/1.1 302 Found
< Content-Type: text/html; charset=utf-8
< Location: https :// hellomydomain /
< Date: Thu, 28 Oct 2021 13:41:20 GMT
< Content-Length: 57
<a href="https :// hellomydomain /">Found</a>.

Output curl -k -v https :// hellomydomain

* Rebuilt URL to: https :// hellomydomain/
*   Trying MY.IP...
* Connected to hello.my.domain (MY.IP) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS alert, internal error (592):
* error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error
* Closing connection 0
curl: (35) error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error


Solved: I was using ports 80 and 443 for both rancher and the node (same machine), changed to 8080 and 8443 and all was fine :sunny:

1 Like