[BUG] Rancher Serves Fake Cert, Even After Following Rancher Docs To Update Private CA and Cert #45448
Labels
kind/bug
Issues that are defects reported by users or that we know have reached a real release
Rancher Server Setup
Information about the Cluster
User Information
Describe the bug
We initially installed Rancher 90 days ago with Rancher's self signed certs. We started getting reports that kubectl commands with Rancher generated kubeconfigs were getting x509 errors. They expired, and we tried following the steps outlined in the docs to update the certs and the CA:
https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/resources/update-rancher-certificate
However, Rancher serves a fake cert even after following steps to update the CA and cert outlined above:
We thought step 3b would work but it just doesn't work. We still get "Kubernetes Ingress Controller Fake Certificate"
To Reproduce
Follow the steps outlined in https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/resources/update-rancher-certificate.
Once you complete step 3b, it didn't work. We even changed every secret manually inside of Rancher that we possibly could and it still didn't work.
Result
Fake Cert: "Kubernetes Ingress Controller Fake Certificate." Downstream clusters report x509 errors ("cert is for ingress.local not rancher.blah.blah").
Expected Result
The real cert installed in tls-rancher-ingress is served.
Screenshots
Fake cert:
Downstream cluster:
Cert Secrets:
The text was updated successfully, but these errors were encountered: