Channels
academy
amazon
arm
azure
cabpr
chinese
ci-cd
danish
deutsch
developer
elemental
epinio
espanol
events
extensions
fleet
français
gcp
general
harvester
harvester-dev
hobbyfarm
hypper
japanese
k3d
k3os
k3s
k3s-contributor
kim
kubernetes
kubewarden
lima
logging
longhorn-dev
longhorn-storage
masterclass
mesos
mexico
nederlands
neuvector-security
office-hours
one-point-x
onlinemeetup
onlinetraining
opni
os
ozt
phillydotnet
portugues
rancher-desktop
rancher-extensions
rancher-setup
rancher-wrangler
random
rfed_ara
rio
rke
rke2
russian
s3gw
service-mesh
storage
submariner
supermicro-sixsq
swarm
terraform-controller
terraform-provider-rancher2
terraform-provider-rke
theranchcast
training-0110
training-0124
training-0131
training-0207
training-0214
training-1220
ukranian
v16-v21-migration
vsphere
windows
Title
a
ancient-car-38783
05/24/2023, 12:44 PMGood afternoon!
I'm in some dire need of guidance on having our Rancher's host name certificate ( for tls-rancher-ingress ) re-generated, it has expired and I'm unable to get it renewed.
I've identified 2 possible reasons for it, being.
1 I suspect this is because of it not being able to communicate internally due to seeing the following:
kubectl logs --timestamps -n cert-manager cert-manager-webhook-5d4fd5cb7f-mq94z | tail -5
2023-05-24T14:20:58.529881904+02:00 I0524 12:20:58.513458 1 logs.go:59] http: TLS handshake error from 89.233.X.X:34022: read tcp 10.42.1.196:10250->89.233.X.X:34022: read: connection reset by peer
2023-05-24T14:20:58.529886873+02:00 I0524 12:20:58.514768 1 logs.go:59] http: TLS handshake error from 89.233.X.X:34028: EOF
2023-05-24T14:20:58.538134400+02:00 I0524 12:20:58.522918 1 logs.go:59] http: TLS handshake error from 89.233.X.X:34058: read tcp 10.42.1.196:10250->89.233.X.X:34058: read: connection reset by peer
2023-05-24T14:20:58.557263869+02:00 I0524 12:20:58.524215 1 logs.go:59] http: TLS handshake error from 89.233.X.X:34034: EOF
2023-05-24T14:20:58.563356287+02:00 I0524 12:20:58.558927 1 logs.go:59] http: TLS handshake error from 89.233.X.X:34042: read tcp 10.42.1.196:10250->89.233.X.X:34042: read: connection reset by peer--insecure-skip-tls-verifykubectl cert-manager -n cattle-system status certificate tls-rancher-ingress
Name: tls-rancher-ingress
Namespace: cattle-system
Created at: 2023-05-24T14:20:57+02:00
Conditions:
Issuing: True, Reason: DoesNotExist, Message: Issuing certificate as Secret does not exist
Ready: False, Reason: DoesNotExist, Message: Issuing certificate as Secret does not exist
DNS Names:
- cluster.domain.ext
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Issuing 19m cert-manager-certificates-trigger Issuing certificate as Secret does not exist
Normal Generated 19m cert-manager-certificates-key-manager Stored new private key in temporary Secret resource "tls-rancher-ingress-xxwck"
Normal Requested 19m cert-manager-certificates-request-manager Created new CertificateRequest resource "tls-rancher-ingress-8wb4j"
error when getting Issuer: <http://issuers.cert-manager.io|issuers.cert-manager.io> "rancher" not found
error when finding Secret "tls-rancher-ingress": secrets "tls-rancher-ingress" not found
Not Before: <none>
Not After: <none>
Renewal Time: <none>
CertificateRequest:
Name: tls-rancher-ingress-8wb4j
Namespace: cattle-system
Conditions:
Approved: True, Reason: <http://cert-manager.io|cert-manager.io>, Message: Certificate request has been approved by <http://cert-manager.io|cert-manager.io>
Ready: False, Reason: Pending, Message: Referenced "Issuer" not found: <http://issuer.cert-manager.io|issuer.cert-manager.io> "rancher" not found
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal WaitingForApproval 19m cert-manager-certificaterequests-issuer-ca Not signing CertificateRequest until it is Approved
Normal WaitingForApproval 19m cert-manager-certificaterequests-issuer-selfsigned Not signing CertificateRequest until it is Approved
Normal WaitingForApproval 19m cert-manager-certificaterequests-issuer-venafi Not signing CertificateRequest until it is Approved
Normal WaitingForApproval 19m cert-manager-certificaterequests-issuer-vault Not signing CertificateRequest until it is Approved
Normal WaitingForApproval 19m cert-manager-certificaterequests-issuer-acme Not signing CertificateRequest until it is Approved
Normal <http://cert-manager.io|cert-manager.io> 19m cert-manager-certificaterequests-approver Certificate request has been approved by <http://cert-manager.io|cert-manager.io>
Normal IssuerNotFound 19m cert-manager-certificaterequests-issuer-selfsigned Referenced "Issuer" not found: <http://issuer.cert-manager.io|issuer.cert-manager.io> "rancher" not found
Normal IssuerNotFound 19m cert-manager-certificaterequests-issuer-ca Referenced "Issuer" not found: <http://issuer.cert-manager.io|issuer.cert-manager.io> "rancher" not found
Normal IssuerNotFound 19m cert-manager-certificaterequests-issuer-vault Referenced "Issuer" not found: <http://issuer.cert-manager.io|issuer.cert-manager.io> "rancher" not found
Normal IssuerNotFound 19m cert-manager-certificaterequests-issuer-acme Referenced "Issuer" not found: <http://issuer.cert-manager.io|issuer.cert-manager.io> "rancher" not found
Normal IssuerNotFound 19m cert-manager-certificaterequests-issuer-venafi Referenced "Issuer" not found: <http://issuer.cert-manager.io|issuer.cert-manager.io> "rancher" not foundRancher: 2.6.9
Cert-manager: 1.12 ( were on 1.11 and upgrade in the hopes of it resolving magically )
To be answering myself, since using a older version of Rancher, we decide to throw the dice and upgrade to the current lattest version of Rancher 2.7.3 and it solved the issue we're having.