X509 certificate has expired or is not yet valid

Hello,

I’m using Rancher in a single docker container running version 2.4.5 and I have imported my ‘clusters’ . I currently receive the following error when I goto the rancher GUI

2021-06-10 17:54:41.461733 I | http: TLS handshake error from 127.0.0.1:59626: remote error: tls: bad certificate
2021-06-10 17:54:43.464172 I | http: TLS handshake error from 127.0.0.1:59628: remote error: tls: bad certificate
2021/06/10 17:54:43 [INFO] Waiting for server to become available: Get https://127.0.0.1:6443/version?timeout=30s: x509: certificate has expired or is not yet valid

What are the exact steps to rotate the certs , if I can’t connect to the GUI? I read that the certs expire after 1 year and once you rotate they will then expire in 10 years ? What are the exact steps to rotate the certs or create new ones ?

thanks

hello

I was able to resolve this by issuing the following commands:

delete certificate template to force re-generation

sudo docker exec -it rancher sh -c “rm /var/lib/rancher/k3s/server/tls/dynamic-cert.json”

delete the currently deployed cert

sudo docker exec -it rancher k3s kubectl delete secret -n kube-system k3s-serving

restart rancher, this triggers the cert re-generation and brings rancher back to life

sudo docker restart rancher