# harvester
m
But does your kubeconfig keep working? I have this error and I was told that Let's Encrypt wildcards don't support IP SANs.
e
```
[dopey@dopey-laptop ~]$ kubectl cluster-info dump| head
{
    "kind": "NodeList",
    "apiVersion": "v1",
    "metadata": {
        "resourceVersion": "79422460"
    },
    "items": [
        {
            "metadata": {
                "name": "rke-coral-fba486f7-vj7fg",
[dopey@dopey-laptop ~]$
```
If I recall, all I did after installing the cluster was set the SSL settings within the UI using my Let's Encrypt cert - which is a wildcard.
```
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = *.slack.house
verify return:1
---
Certificate chain
 0 s:CN = *.slack.house
   i:C = US, O = Let's Encrypt, CN = R3
   a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256
   v:NotBefore: Jul 18 14:25:48 2023 GMT; NotAfter: Oct 16 14:25:47 2023 GMT
```
m
I'm sorry, apparently I am stupid and did not update my harvester kubeconfig after changing certs.
It works 🙂 Thanks for getting me to look at it again
BTW what do you use to automatically replace the Let's Encrypt cert in harvester?
Sorry to bother you again, have you tried adding nodes to your cluster after using your Let's Encrypt cert and installing them with the harvester VIP IP? We just had a problem because of the missing IP SAN in the certificate again.
e
Yes, there are some bugs created on this. Ultimately I removed the SSL for adding nodes. If you check the install.sh file being fetched, it is including the IP for server and not the DNS hostname. This is a change in behaviour. There may be other workarounds, but I ultimately just removed SSL. I've been tearing my hair out with SSL issues for the past week 😞 Also seeing issues trying to get things working with the rancher addon and unclear where to update SSL vs not. I find myself getting strange issues when I start adding SSL to harvester itself. For now I made a new cluster, never adding SSL settings on harvester. On the rancher addon, I upgraded helm to use a secret for TLS, not itself, then changed to my Let's Encrypt for the SSL cert of the rancher ingress. I then access harvester via rancher - never direct. I need to confirm/file a bug but I believe there are some menus that behave differently if you go via rancher (virtualization management->harvester) vs the harvester URL direct. The IP Pools specifically, I do not ever see the additional scope drop-downs if I do not go via rancher. -- but I need to clear caches and confirm this is not a browser cache issue.