https://rancher.com/ logo
Join Slack
Powered by
This message was deleted.
# general
a
This message was deleted.
a
Show the certificate, I think you need to add the root ca so that firefox trusts it (and you might need to change a flag so that FF trusts certs from truststore)
otherwise try a different browser, not sure if Chrome allows you to press past that
security.enterprise_roots.enabled
in 
about:config
(FF)
c
non of the browsers work
security.enterprise_roots.enabled this needs to be false or true ?
a
true
But in that case I had the CA in my truststore, you might need to add it somewhere. It has been a while so I am not sure if you need to do that with LetsEncrypt
c
a
c
Copy code
helm install rancher rancher-<CHART_REPO>/rancher \
  --namespace cattle-system \
  --set hostname=<http://rancher.my.org|rancher.my.org> \
  --set bootstrapPassword=admin \
  --set ingress.tls.source=letsEncrypt \
  --set letsEncrypt.email=me@example.org \
  --set letsEncrypt.ingress.class=nginx
a
sorry I'm just a guy that is waiting for his scripts to finish running, The error from what I see is that the cert you have created is not trusted. I can't help you fix that but you could turn off the validation (for now and only for testing) to see that the thing is running
c
I have turned it off but still not working 😞
a
what does it say instead?
c
the same error
a
Did you read the link i sent?
Because if you do that the warning should disappear
oh wow the link was bad
Copy code
security.insecure_field_warning.contextual.enabled = false

security.certerrors.permanentOverride = false

network.stricttransportsecurity.preloadlist = false

security.enterprise_roots.enabled = true
and then restart FF and try again
you should probably reset those settings afterwards tho
c
yeah this way works thank you
But still need to fix it to work properly
a
Yeah in that case try and google for something like "How to add LetsEncrypt to known certificates" to fix the error that is described here. "Self-signed certificate"
c
But this way will only work on my PC right ?
a
Well, I don't know exactly how you made the cert but most of the time LetsEncrypt cert should be accepted by most other machines ... So I would check the LetsEncrypt guides for that
but I am not 100% sure anymore, some of my knowledge is from 2018
c
this is from Rancher view what certificate is used from the ingress
a
Your problem isn't that the cert is bad, it is that the cert you have self-signed isn't recognized by the browsers. Machines you can probably just tell to trust the cert. I am not sure if you are building this for military usage or just as a hobby project. Anyway I have to leave now 😕
c
Copy code
--set letsEncrypt.ingress.class=nginx
Did you get rid of the traefik ingress that comes with k3s, and deploy nginx instead? If not, that’s the wrong value to set there.
c
I have set my on cert on the ingress once i have access to rancher and now works fine. Is nginx ingress better then traefik
c
they’re different, not sure if I’d say better or worse.
c
Got it. Well i will use traefik for now if needed i will change it :)
c
if you’re going to use traefik you should set that to traefik, otherwise LE will try to use a nonexistent ingressclass
c
Yeah thanks i got it working now :)
6 Views
Open in Slack
PreviousNext
Powered by