X509: certificate is valid for ingress.local

Using rke, I have installed kubernetes v1.12.1
I then installed rancher ui v 2.1.0.
I constantly see the below message in the cattle cluster and node logs:

time=“2018-11-27T17:09:19Z” level=info msg=“Option requestedHostname=xx.xx.xx.xx”

time=“2018-11-27T17:09:19Z” level=info msg=“Connecting to wss://xx.xx.xx.local/v3/connect with token 4nzpj48zz4zjgzqgq6scw42j94xj7qq4wvhdwdltqhtjjnzx48xqw5”

time=“2018-11-27T17:09:19Z” level=info msg=“Connecting to proxy” url=“wss://xx.xx.xx.xx.local/v3/connect”

time=“2018-11-27T17:09:20Z” level=error msg=“Failed to connect to proxy” error=“x509: certificate is valid for ingress.local, not xx.xx.xx.xx.sandbox.local”

looks like the certificate that is generated has CN=ingress.local and not the ***.sandbox.local. It should have the FQDN as part of CN or Subject Alternative Names.

Even I got the same error , how to debug that or where we need to make the changes


@ChinmoyPadhi this certificate is valid just to ingress.local. When you try use for xx.xx.xx.xx.sandbox.local this isn’t valid.

You need change this certificate for other with the correct CN.

@Bitenca, Sorry I didn’t understand the last line , could you please explain a bit more if that’s ok for you

Hi @ChinmoyPadhi you certificate needs your Common Name (CN). Like @Sarma_K said “CN=ingress.local and not the ***.sandbox.local”.

If CN doesn’t match… your certificate is not valid. So you need a new certificate for ingress.local or your local domain.


same issue here. I’m desperated. Anyone that knows a solution please!!!
I don’t understand what certificate you said…