I noticed v2.0.0-rc1 and v2.0.0-rc2 pop up in releases, but I can’t pull them. Since others have it working, I guess I’m just missing the right tag.
With:
docker run -p 80:80 -p 443:443 -d rancher/server:v2.0.0-rc2
I get:
Unable to find image 'rancher/server:v2.0.0-rc2' locally
docker: Error response from daemon: manifest for rancher/server:v2.0.0-rc2 not found.
They are in rancher/rancher, which we will be moving to in order to reduce (/create different) confusion with latest and stable for 1.x vs 2.x.
Ah ha. That does seem cleaner considering the 1.6.x will remain for a while. Worked.
docker run -p 80:80 -p 443:443 -d rancher/rancher:v2.0.0-rc2
Did the functionality of --acme-domain change? That bit no longer appears to be working for me, but that could be a Cloudflare thing too.
No, it hasn’t changed…
–acme-domain is not working for me either
Let’sEncrypt works fine. It is only for the standalone server, it is not for trying to do HA or run inside k8s as an ingress.
root@vjf:~# ifconfig eth0
eth0 Link encap:Ethernet HWaddr 0e:a5:e3:a3:1c:72
inet addr:138.197.207.244 Bcast:138.197.207.255 Mask:255.255.240.0
inet6 addr: fe80::ca5:e3ff:fea3:1c72/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:17717670 errors:0 dropped:0 overruns:0 frame:0
TX packets:13735821 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:14737720576 (14.7 GB) TX bytes:4378864059 (4.3 GB)
root@vjf:~# dig a vjf.do.rancher.space
; <<>> DiG 9.10.3-P4-Ubuntu <<>> a vjf.do.rancher.space
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8487
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;vjf.do.rancher.space. IN A
;; ANSWER SECTION:
vjf.do.rancher.space. 600 IN A 138.197.207.244
;; Query time: 28 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Fri May 11 06:09:44 UTC 2018
;; MSG SIZE rcvd: 65
root@vjf:~# docker run -d -p 80:80 -p 443:443 rancher/rancher:latest --acme-domain=vjf.do.rancher.space
2538a981aa11448e865ee7b10db7daba5205de72edb0594318ecc43b109eb182
# wait a minute
root@vjf:~# curl https://vjf.do.rancher.space/ping
pong
root@vjf:~# openssl s_client -connect vjf.do.rancher.space:443
CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = vjf.do.rancher.space
verify return:1
---
Certificate chain
0 s:/CN=vjf.do.rancher.space
i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISBJ9iVo58j+D85k2Y+EYRuV5EMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xODA1MTEwNTEwMjlaFw0x
ODA4MDkwNTEwMjlaMB8xHTAbBgNVBAMTFHZqZi5kby5yYW5jaGVyLnNwYWNlMFkw
EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEbTju91sj9CLZx1qFYkM+X6V292AzYrCq
oBurP5gDbVj0ECN4Ti61zaPPlMk19atNngsL3AakzpU7uyRMxpAb/6OCAxswggMX
MA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
DAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU70I3bUQ+FoVSxG68Qtiv4PySYqkwHwYD
VR0jBBgwFoAUqEpqYwR93brm0Tm3pkVl7/Oo7KEwbwYIKwYBBQUHAQEEYzBhMC4G
CCsGAQUFBzABhiJodHRwOi8vb2NzcC5pbnQteDMubGV0c2VuY3J5cHQub3JnMC8G
CCsGAQUFBzAChiNodHRwOi8vY2VydC5pbnQteDMubGV0c2VuY3J5cHQub3JnLzAf
BgNVHREEGDAWghR2amYuZG8ucmFuY2hlci5zcGFjZTCB/gYDVR0gBIH2MIHzMAgG
BmeBDAECATCB5gYLKwYBBAGC3xMBAQEwgdYwJgYIKwYBBQUHAgEWGmh0dHA6Ly9j
cHMubGV0c2VuY3J5cHQub3JnMIGrBggrBgEFBQcCAjCBngyBm1RoaXMgQ2VydGlm
aWNhdGUgbWF5IG9ubHkgYmUgcmVsaWVkIHVwb24gYnkgUmVseWluZyBQYXJ0aWVz
IGFuZCBvbmx5IGluIGFjY29yZGFuY2Ugd2l0aCB0aGUgQ2VydGlmaWNhdGUgUG9s
aWN5IGZvdW5kIGF0IGh0dHBzOi8vbGV0c2VuY3J5cHQub3JnL3JlcG9zaXRvcnkv
MIIBAwYKKwYBBAHWeQIEAgSB9ASB8QDvAHUA23Sv7ssp7LH+yj5xbSzluaq7NveE
cYPHXZ1PN7Yfv2QAAAFjTdJ7TQAABAMARjBEAiAxQr3ZZnr37G5yDY6zhkAQ9B/E
FOzPB91QU8V8KN+RugIga7Ch3Mht0F9y4lLllrOjXzLf8ED/cWGf5S3Vu2rPfjUA
dgApPFGWVMg5ZbqqUPxYB9S3b79Yeily3KTDDPTlRUf0eAAAAWNN0nsxAAAEAwBH
MEUCIQDgi33cN6IYJwe1zOLpBcq+fbbS+xXh1or1oV2LyOZ58wIgCvtrkB/7NDag
1FdiLn4duuFjxl8M0P7XK6X4IZCxdEQwDQYJKoZIhvcNAQELBQADggEBAGgt30p8
SWtd2uqRY7BPr0kniDVT0R39qTdp+pZVtNbwNMDJlruJA3tU+O08xilXXCmPeSOr
GKbViE5sWAlFe5DHIr5IQvl1zNP5lYb/NCAECKIlCYkFjGvZxeJCE0okcxqUtkNB
0FR8AspZNkADmTbeLja7q1sTvtjrMQ6GgbstV0/nXKpQ6WpCeJnqjZeoIXHYL6+v
WXCFOQx+ghm0WpgIZFAT7KK4Xeng0Al9OsTCJPKHW/SUPB8yGh6Jsc+Ycb3s+ooF
z/ndeITCewpg8y2OWSCdfzi0U1j1Wn9UYmSY9+Utrml1cNCs024GGjPL1sjNA/5O
2X18k/r11eJ6jBw=
-----END CERTIFICATE-----
subject=/CN=vjf.do.rancher.space
issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
---
No client certificate CA names sent
Peer signing digest: SHA384
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 2954 bytes and written 431 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-ECDSA-AES256-GCM-SHA384
Server public key is 256 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-ECDSA-AES256-GCM-SHA384
Session-ID: 722C274257935B14A6A2246C5416CE763EC9B7E269129D4B676C47612D2BEF76
Session-ID-ctx:
Master-Key: C6EC92DCBFC6A37620679C74FA03FB8B10A662FC709ECF02984CE152C0F7E4363265F14CF0623692612E67F5AD3D3F30
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket:
0000 - 5c 72 47 bd a8 fe d4 02-3e 2f cc 9e 07 3b 62 60 \rG.....>/...;b`
0010 - cb 55 66 ed c1 02 5a 1d-d4 3c 7d 6f 05 47 76 07 .Uf...Z..<}o.Gv.
0020 - 1c bd a6 5d 0f 8d cc 0f-2b 02 1f 21 ed eb d1 e1 ...]....+..!....
0030 - 16 75 31 45 13 46 76 46-7d 7a 1a ff bb 90 4a 56 .u1E.FvF}z....JV
0040 - 3e 59 81 ca 4a 67 9e d2-02 23 6f b0 14 62 61 73 >Y..Jg...#o..bas
0050 - da 21 6e 1e 0c 67 64 91-3a 6b 84 b3 6c 91 06 85 .!n..gd.:k..l...
0060 - 9e 33 3b c3 3b af ad a5-e8 40 7d f2 68 17 af 98 .3;.;....@}.h...
0070 - d2 2f c7 49 5a 51 b8 ea- ./.IZQ..
Start Time: 1526019068
Timeout : 300 (sec)
Verify return code: 0 (ok)
---