Webhook / Certificate expired

Hey guys,

we are facing some troubles with our Rancher:

Our Setup

  • RKE-Cluster: v1.2.10
  • Rancher: v2.6.1 (installed via official Helmcharts)

Our Rancher is running on a dedicated RKE-Cluster.

Projects/Namespaces > MyProject

We want to add a user to a Project “MyProject”. After Click on “Save”, the user was not successful saved.
The following route “https://rancher.local/v3/projectroletemplatebindings” returns HTTP500-Error

{"baseType":"error","code":"InternalError","message":"Internal error occurred: failed calling webhook \"rancherauth.cattle.io\": Post \"https://rancher-webhook.cattle-system.svc:443/v1/webhook/validation?timeout=10s\": x509: certificate has expired or is not yet valid: current time 2021-10-22T11:54:09Z is after 2021-10-12T11:47:20Z","status":500,"type":"error"}

We tried the following steps to resolve the problems:

  • Rancher-GUI: Cluster Management > MyCluster > Rotate Certificate => no success
  • RKE-Cluster: rke cert rotate => no success

The dirty quick fix was, change the date and time before SSL-Cert expired. But this caused a lot of other problems.

Right now, our Rancher is not fully usable.

Anyone some ideas?

1 Like