This message was deleted Rancher Users #k3s

This message was deleted.

adamant-kite-43734

12/13/2023, 8:22 PM

This message was deleted.

late-barista-75996

12/13/2023, 8:23 PM

Maybe start using

--tls-san

and then use

k3s certificate rotate

creamy-pencil-82913

12/13/2023, 8:34 PM

just add it to --tls-san and then make a request against the hostname. it’ll get added on demand, if approved.

late-barista-75996

12/13/2023, 8:35 PM

Oh nice. What is responsible for approving it?

creamy-pencil-82913

12/13/2023, 8:35 PM

k3s

creamy-pencil-82913

12/13/2023, 8:36 PM

it will add hostnames to the cert on demand, if they match a node IP, hostname, or a value in the tls-san list

late-barista-75996

12/13/2023, 8:36 PM

Oh I see, okay

late-barista-75996

12/13/2023, 8:36 PM

It'll be approved by my adding it to tls-san, same page now

late-barista-75996

12/13/2023, 8:37 PM

That's handy, thank you! It's not explicitly called out, but some online discussions led me to believe

--tls-san

was mostly a bootstrapping arg

late-barista-75996

12/13/2023, 8:37 PM

Happy to learn it's not. Thanks @creamy-pencil-82913 🙂