rancher: serving-cert expired

I have multiple clusters managed by rancher 2.5.7 (on a docker single instance). I received multiple errors trying to connect to clusters due to an expired certificate. What I found is that the serving-cert under kube-system namespace is expired.

How can I update it? I already tried what I found here: https://github.com/rancher/rancher/issues/26984#issuecomment-813907648 but I think it is related to the internal k3s cluster (that is correct, the expiry date for k3s-serving is 1 year).

Can somebody help me?

Thanks

About this issue

  • State: open
  • Created 3 years ago
  • Reactions: 6
  • Comments: 26 (5 by maintainers)

Most upvoted comments

You can execute the following commands to fix this issue.

docker exec -it your_rancher_container_id sh -c "rm -rf /var/lib/rancher/k3s/server/tls/dynamic-cert.json"
docker exec -it your_rancher_container_id sh -c "k3s kubectl --insecure-skip-tls-verify  delete secrets -n kube-system k3s-serving"
docker exec -it your_rancher_container_id sh -c "k3s kubectl --insecure-skip-tls-verify  delete secrets -n cattle-system serving-cert"

Restart the container.

I have several clusters in my rancher installation with expired or expiring serving-certs too. I tried to find any info on what they are for or what is the correct way to keep them up to date / renew them, but did not find anything helpful 😦

Could one of the rancher guys give a hint if this is a problem or not? Or how to fix this?
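
Added example, not part of the thread and not Rancher's own tooling: a small shell check for how long a serving certificate remains valid, usable before and after the delete-and-restart fix above. The function names are hypothetical, `openssl` is assumed to be installed on the host, and the secret is assumed to be a TLS secret holding its certificate under `data["tls.crt"]`.

```shell
#!/bin/sh
# Added example: report whether a PEM certificate is invalid, expired, expiring or ok.

# cert_status FILE WARN_DAYS -> prints one word; returns 0 only for "ok".
# When FILE holds a chain, openssl reads the first certificate (the leaf).
cert_status() {
    pem=$1 warn_days=$2
    # Reject input openssl cannot parse, so garbage is not reported as "expired".
    openssl x509 -in "$pem" -noout 2>/dev/null || { echo invalid; return 3; }
    # -checkend N exits non-zero when the certificate expires within N seconds.
    if ! openssl x509 -in "$pem" -noout -checkend 0 >/dev/null 2>&1; then
        echo expired; return 2
    fi
    if ! openssl x509 -in "$pem" -noout -checkend $((warn_days * 86400)) >/dev/null 2>&1; then
        echo expiring; return 1
    fi
    echo ok
}

# fetch_serving_cert CONTAINER NAMESPACE SECRET -> PEM on stdout.
# Assumption: the certificate is stored under data["tls.crt"] of the secret.
# No -it here: a TTY would corrupt the piped output.
fetch_serving_cert() {
    docker exec "$1" k3s kubectl --insecure-skip-tls-verify \
        get secret "$3" -n "$2" -o jsonpath='{.data.tls\.crt}' | base64 -d
}

# make_constructed_cert FILE DAYS -> throwaway self-signed cert for the demo.
make_constructed_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1" \
        -days "$2" -subj "/CN=constructed.example" >/dev/null 2>&1
}

# Offline demo on a constructed certificate (not a real Rancher secret).
demo_dir=$(mktemp -d)
make_constructed_cert "$demo_dir/demo.pem" 30
echo "constructed 30-day cert, 14-day window: $(cert_status "$demo_dir/demo.pem" 14)"
rm -rf "$demo_dir"

# Against the secrets named in this thread (needs the Rancher container):
#   fetch_serving_cert your_rancher_container_id cattle-system serving-cert > sc.pem
#   cert_status sc.pem 30
#   fetch_serving_cert your_rancher_container_id kube-system k3s-serving > k3s.pem
#   cert_status k3s.pem 30
```

Run on a schedule, a non-zero return from `cert_status` gives a warning before connections to the clusters start failing.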