# harvester
s
Hi @great-bear-19718, would you like to give some help for it?
Also, what does the cluster address mean? The IP address?
b
<https://150.140.130.120/apis/fleet.cattle.io/v1alpha1/namespaces/fleet-local/clusterregistrations>\": tls: failed to verify certificate: x509: cannot validate certificate for 150.140.130.120 because it doesn't contain any IP SANs
<- the cluster address used during installation
I have an ssl-certificates setting that contains a cert that’s only valid for the dns name associated with the IP address
g
a support bundle would be handy..
so you need the IP 150.x.x.x to change to the dns record i assume?
b
I just installed a fresh 1.2.0-rc2 cluster with a DNS name pointing at the chosen cluster address. Supplied a valid certificate for the ssl-certificates setting and started joining another node targeting the DNS address targeting the cluster address. This node simply logs the following repeatedly in its journal:
```
Jun 28 10:54:44 2 rancherd[2400]: time="2023-06-28T10:54:44Z" level=info msg="[stderr]: curl: (60) SSL: no alternative certificate subject name matches target host name '158.38.237.194'"
Jun 28 10:54:44 2 rancherd[2400]: time="2023-06-28T10:54:44Z" level=info msg="[stderr]: More details here: <https://curl.se/docs/sslcerts.html>"
Jun 28 10:54:44 2 rancherd[2400]: time="2023-06-28T10:54:44Z" level=info msg="[stderr]: "
Jun 28 10:54:44 2 rancherd[2400]: time="2023-06-28T10:54:44Z" level=info msg="[stderr]: curl failed to verify the legitimacy of the server and therefore could not"
Jun 28 10:54:44 2 rancherd[2400]: time="2023-06-28T10:54:44Z" level=info msg="[stderr]: establish a secure connection to it. To learn more about this situation and"
Jun 28 10:54:44 2 rancherd[2400]: time="2023-06-28T10:54:44Z" level=info msg="[stderr]: how to fix it, please visit the web page mentioned above."
Jun 28 10:54:44 2 rancherd[2400]: time="2023-06-28T10:54:44Z" level=info msg="[stderr]: [ERROR]  000 received while testing Rancher connection. Sleeping for 5 seconds and trying again"
```
Not sure why it wants to use the IP address in this case. Wouldn’t it make sense to use the same address used when asked for cluster address during join?
If I curl the DNS-based address the certificate is valid according to the node joining.
config.yaml for rancherd on the node has server: https://dns-name:443 in it
this behaviour of using the IP seems to be new in 1.2 (I assume rancher 2.7.5 change), but I can’t find anything about it
managed to supply a certificate with IP SAN now, so no longer an issue, but this behaviour of using IP rather than configured server address isn’t ideal IMO