Hi!
I am using a letsencrypt SSL certificate for my Rancher (now) 2.4.7 installation. cert-manager version is 0.16.1.
I see that the certificate will expire on September 28.
Will it be automatically updated?
How can I trigger a certificate refresh?
So the time has come and the letsencrypt cert expired.
It was not renewed automatically.
I tried several things:
delete rancher pods
delete cert-manager pods
delete tls-rancher-ingress cert
it was recreated in the expired form
delete tls-rancher-ingress and tls-rancher secrets and redeploy rancher
it did not recreate the secrets above
Nothing worked.
In the end I redeployed rancher with our own certificates: cat ~/certs/<domain>.pem ~/certs/<domain>.intermediate-ca.pem > ./tls.crt
cat ~/certs/.key > ./tls.key kubectl delete secret tls-rancher-ingress
kubectl -n cattle-system create secret tls tls-rancher-ingress --cert=tls.crt --key=tls.key
$ helm3 upgrade rancher rancher-stable/rancher --namespace cattle-system --set hostname=. --set ingress.tls.source=tls-rancher-ingress
Still I am very curious how should the letsencrypt cert have been properly renewed and I think there should be something in the Rancher install docs about this.
Hi @superseb!
Now the letsencrypt certificate expired on another Rancher (v.2.4.8) installation.
I uploaded the logs of cert-manager pods and the tls-rancher-ingress yaml file here: https://app.box.com/s/r2nn09fzsfjpwuotn79dkp9d5zvcvsi4
Could you please have a look and let me know what I could do?
For the previous install I redeployed Rancher with certificates from files but I would really like to get the letsencrypt one renewed.