I was wondering if anyone know what the upgrade procedure would look like to upgrade the SSL certificates used in the step of generating the HA server script? I have provided some certificates which I notice will expire in a few months and would like to prepare for that.
You can edit the certificate in Infrastructure -> Certificates
as always thanks for your reply! After this is done I can see that the /var/lib/rancher/etc/ssl/ca.crt file has changed in all of my hosts, does something need to be restarted after this? When I try to add a host to the environment now, I get some SSL error connecting, (the cert in the load balancer is valid and matches the one added to the cluster)
`requests.exceptions.SSLError: (“bad handshake: Error([(‘SSL routines’, ‘SSL3_GET_SERVER_CERTIFICATE’, ‘certificate verify failed’)],)”,)
Sorry for the delay in response. From this error I can discern you are using self-signed certificates, correct (this would be the case if rancher generated the certs)?
Are you adding hosts using a specific cloud provider integration, or the custom method? If you are doing custom registration, it would be necessary to copy the new ca.crt to /var/lib/rancher/etc/ssl/ folder. The error indicates that the host you are trying to register doesn’t trust the CA that signed the certificate presented by your load balancer.
Thank you very much for the reply. I finally got it working, I was actually using our own valid certificates. But the problem seemed to be that I needed to delete the
/var/lib/rancher/state directory on the docker hosts (used as resources).
Best regards and again thank you!