#general

ancient-car-38783

05/24/2023, 12:44 PM
Good afternoon! I'm in some dire need of guidance on having our Rancher's host name certificate (for tls-rancher-ingress) re-generated; it has expired and I'm unable to get it renewed. I've identified 2 possible reasons for it:
1. I suspect this is because of it not being able to communicate internally, due to seeing the following:
kubectl logs --timestamps  -n cert-manager cert-manager-webhook-5d4fd5cb7f-mq94z | tail -5
2023-05-24T14:20:58.529881904+02:00 I0524 12:20:58.513458       1 logs.go:59] http: TLS handshake error from 89.233.X.X:34022: read tcp 10.42.1.196:10250->89.233.X.X:34022: read: connection reset by peer
2023-05-24T14:20:58.529886873+02:00 I0524 12:20:58.514768       1 logs.go:59] http: TLS handshake error from 89.233.X.X:34028: EOF
2023-05-24T14:20:58.538134400+02:00 I0524 12:20:58.522918       1 logs.go:59] http: TLS handshake error from 89.233.X.X:34058: read tcp 10.42.1.196:10250->89.233.X.X:34058: read: connection reset by peer
2023-05-24T14:20:58.557263869+02:00 I0524 12:20:58.524215       1 logs.go:59] http: TLS handshake error from 89.233.X.X:34034: EOF
2023-05-24T14:20:58.563356287+02:00 I0524 12:20:58.558927       1 logs.go:59] http: TLS handshake error from 89.233.X.X:34042: read tcp 10.42.1.196:10250->89.233.X.X:34042: read: connection reset by peer
Is there any way to get the --insecure-skip-tls-verify functionality into the command(s) that need executing?
---
2. It's trying to use 'rancher' as its Issuer, whereas it should/could be using the ClusterIssuer named "letsencrypt-production".
kubectl cert-manager -n cattle-system status certificate tls-rancher-ingress
Name: tls-rancher-ingress
Namespace: cattle-system
Created at: 2023-05-24T14:20:57+02:00
Conditions:
  Issuing: True, Reason: DoesNotExist, Message: Issuing certificate as Secret does not exist
  Ready: False, Reason: DoesNotExist, Message: Issuing certificate as Secret does not exist
DNS Names:
- cluster.domain.ext
Events:
  Type    Reason     Age   From                                       Message
  ----    ------     ----  ----                                       -------
  Normal  Issuing    19m   cert-manager-certificates-trigger          Issuing certificate as Secret does not exist
  Normal  Generated  19m   cert-manager-certificates-key-manager      Stored new private key in temporary Secret resource "tls-rancher-ingress-xxwck"
  Normal  Requested  19m   cert-manager-certificates-request-manager  Created new CertificateRequest resource "tls-rancher-ingress-8wb4j"
error when getting Issuer: issuers.cert-manager.io "rancher" not found
error when finding Secret "tls-rancher-ingress": secrets "tls-rancher-ingress" not found
Not Before: <none>
Not After: <none>
Renewal Time: <none>
CertificateRequest:
  Name: tls-rancher-ingress-8wb4j
  Namespace: cattle-system
  Conditions:
    Approved: True, Reason: cert-manager.io, Message: Certificate request has been approved by cert-manager.io
  Ready: False, Reason: Pending, Message: Referenced "Issuer" not found: issuer.cert-manager.io "rancher" not found
  Events:
    Type    Reason              Age   From                                                Message
    ----    ------              ----  ----                                                -------
    Normal  WaitingForApproval  19m   cert-manager-certificaterequests-issuer-ca          Not signing CertificateRequest until it is Approved
    Normal  WaitingForApproval  19m   cert-manager-certificaterequests-issuer-selfsigned  Not signing CertificateRequest until it is Approved
    Normal  WaitingForApproval  19m   cert-manager-certificaterequests-issuer-venafi      Not signing CertificateRequest until it is Approved
    Normal  WaitingForApproval  19m   cert-manager-certificaterequests-issuer-vault       Not signing CertificateRequest until it is Approved
    Normal  WaitingForApproval  19m   cert-manager-certificaterequests-issuer-acme        Not signing CertificateRequest until it is Approved
    Normal  cert-manager.io     19m   cert-manager-certificaterequests-approver           Certificate request has been approved by cert-manager.io
    Normal  IssuerNotFound      19m   cert-manager-certificaterequests-issuer-selfsigned  Referenced "Issuer" not found: issuer.cert-manager.io "rancher" not found
    Normal  IssuerNotFound      19m   cert-manager-certificaterequests-issuer-ca          Referenced "Issuer" not found: issuer.cert-manager.io "rancher" not found
    Normal  IssuerNotFound      19m   cert-manager-certificaterequests-issuer-vault       Referenced "Issuer" not found: issuer.cert-manager.io "rancher" not found
    Normal  IssuerNotFound      19m   cert-manager-certificaterequests-issuer-acme        Referenced "Issuer" not found: issuer.cert-manager.io "rancher" not found
    Normal  IssuerNotFound      19m   cert-manager-certificaterequests-issuer-venafi      Referenced "Issuer" not found: issuer.cert-manager.io "rancher" not found
---
Anyone that could guide me in the right direction? I'm a bit blindly trying search terms and their results, but unsuccessful so far.
Rancher: 2.6.9 Cert-manager: 1.12 (we were on 1.11 and upgraded in the hopes of it resolving magically)
To be answering myself: since using an older version of Rancher, we decided to throw the dice and upgrade to the current latest version of Rancher, 2.7.3, and it solved the issue we were having.