X509: certificate signed by unknown authorit when using kubectl or helm


I installed the lastest Rancher version (2-0 GA) which went well. But after this I wanted to install a Chart via Helm from my local mac with

helm init

But I received the following error: x509: certificate signed by unknown authority.

Any ideas? I’m also new to Kubernetes :sweat_smile:


This also occurs if I download the kubeconfig file and run e.g. kubectl get pods…

Problem was caused by the reverse proxy I’m using to automatically SSL-terminate the rancher v2 UI.

Removing certificate-authority-data solved the problem.

If you are using a reverse proxy on front of rancher you cloud also start it with --http-only command as described here: https://github.com/rancher/rancher/issues/11388

Using external termination is described here: https://rancher.com/docs/rancher/v2.x/en/installation/single-node-install-external-lb/#option-b-bring-your-own-certificate-signed-by-recognized-ca and the option is --no-cacerts