Hello,
I was wondering if anyone know what the upgrade procedure would look like to upgrade the SSL certificates used in the step of generating the HA server script? I have provided some certificates which I notice will expire in a few months and would like to prepare for that.
Best regards,
Alejandro
You can edit the certificate in Infrastructure -> Certificates
Hi Vincent,
as always thanks for your reply! After this is done I can see that the /var/lib/rancher/etc/ssl/ca.crt file has changed in all of my hosts, does something need to be restarted after this? When I try to add a host to the environment now, I get some SSL error connecting, (the cert in the load balancer is valid and matches the one added to the cluster)
`requests.exceptions.SSLError: (ābad handshake: Error([(āSSL routinesā, āSSL3_GET_SERVER_CERTIFICATEā, ācertificate verify failedā)],)ā,)
Thanks!
Alejandro
`
Hi @alexR,
Sorry for the delay in response. From this error I can discern you are using self-signed certificates, correct (this would be the case if rancher generated the certs)?
Are you adding hosts using a specific cloud provider integration, or the custom method? If you are doing custom registration, it would be necessary to copy the new ca.crt to /var/lib/rancher/etc/ssl/ folder. The error indicates that the host you are trying to register doesnāt trust the CA that signed the certificate presented by your load balancer.
Hi!
Thank you very much for the reply. I finally got it working, I was actually using our own valid certificates. But the problem seemed to be that I needed to delete the /var/lib/rancher/state directory on the docker hosts (used as resources).
Best regards and again thank you!
Alejandro
Glad you figured it out!
James