# rke2
m
I have already added 192.168.14.22 as a part of tls-san list in master node too.
c
sounds like you didn’t set up the cert on Rancher properly
I take it 192.16.14.22 is the address of the rancher UI?
m
yes, correct
c
go back and check out the rancher docs on setting up the certificate. Were you using letsencrypt, or providing your own?
also, you shouldn’t use an IP for the rancher server address. Get a hostname for it that actually resolves.
m
rancher self-generated certs
> also, you shouldn’t use an IP for the rancher server address. Get a hostname for it that actually resolves.
sure got it, already I have a hostname to resolve, but somehow it's picking up ip address.
let me check on it
c
sounds like you need to edit the rancher server address in the rancher settings
How are you exposing Rancher? You’re supposed to access it through the ingress. You should be seeing the ingress certificate. If you see the dynamiclistener cert that means you’re connecting directly to the Rancher pod. Did you hack up the install and expose the pod directly using host ports or something?
m
I made the service of rancher as LoadBalancer and accessing it
let me make it as clusterip and try access it through ingress
c
don’t do that. use the ingress, as covered in the rancher docs.
m
sure got it
I shall try it and get back later. thank you very much @creamy-pencil-82913
installed rancherui with hostname rancher.internal.example.org and while trying to add a remote cluster in the rancherui it's still failing.
INFO: Environment: CATTLE_ADDRESS=10.42.4.204 CATTLE_CA_CHECKSUM= CATTLE_CLUSTER=true CATTLE_CLUSTER_AGENT_PORT=tcp://10.43.66.187:80 CATTLE_CLUSTER_AGENT_PORT_443_TCP=tcp://10.43.66.187:443 CATTLE_CLUSTER_AGENT_PORT_443_TCP_ADDR=10.43.66.187 CATTLE_CLUSTER_AGENT_PORT_443_TCP_PORT=443 CATTLE_CLUSTER_AGENT_PORT_443_TCP_PROTO=tcp CATTLE_CLUSTER_AGENT_PORT_80_TCP=tcp://10.43.66.187:80 CATTLE_CLUSTER_AGENT_PORT_80_TCP_ADDR=10.43.66.187 CATTLE_CLUSTER_AGENT_PORT_80_TCP_PORT=80 CATTLE_CLUSTER_AGENT_PORT_80_TCP_PROTO=tcp CATTLE_CLUSTER_AGENT_SERVICE_HOST=10.43.66.187 CATTLE_CLUSTER_AGENT_SERVICE_PORT=80 CATTLE_CLUSTER_AGENT_SERVICE_PORT_HTTP=80 CATTLE_CLUSTER_AGENT_SERVICE_PORT_HTTPS_INTERNAL=443 CATTLE_CLUSTER_REGISTRY= CATTLE_FEATURES=embedded-cluster-api=false,fleet=false,monitoringv1=false,multi-cluster-management=false,multi-cluster-management-agent=true,provisioningv2=false,rke2=false CATTLE_INGRESS_IP_DOMAIN=sslip.io CATTLE_INSTALL_UUID=df236495-0903-4e2a-9cb6-9bc9eb0703c8 CATTLE_INTERNAL_ADDRESS= CATTLE_IS_RKE=false CATTLE_K8S_MANAGED=true CATTLE_NODE_NAME=cattle-cluster-agent-59b87c5b-q2286 CATTLE_RANCHER_WEBHOOK_MIN_VERSION= CATTLE_RANCHER_WEBHOOK_VERSION=2.0.6+up0.3.6 CATTLE_SERVER=https://rancher.internal.example.org CATTLE_SERVER_VERSION=v2.7.9
INFO: Using resolv.conf: search cattle-system.svc.cluster.local svc.cluster.local cluster.local default.svc.cluster.local nameserver 10.43.0.10 options ndots:5
INFO: https://rancher.internal.example.org/ping is accessible
INFO: rancher.internal.example.org resolves to 192.16.14.22
time="2024-01-17T08:16:20Z" level=info msg="Listening on /tmp/log.sock"
time="2024-01-17T08:16:20Z" level=info msg="Rancher agent version v2.7.9 is starting"
time="2024-01-17T08:16:21Z" level=info msg="Certificate details from https://192.16.14.22"
time="2024-01-17T08:16:21Z" level=info msg="Certificate #0 (https://192.16.14.22)"
time="2024-01-17T08:16:21Z" level=info msg="Subject: CN=Kubernetes Ingress Controller Fake Certificate,O=Acme Co"
time="2024-01-17T08:16:21Z" level=info msg="Issuer: CN=Kubernetes Ingress Controller Fake Certificate,O=Acme Co"
time="2024-01-17T08:16:21Z" level=info msg="IsCA: false"
time="2024-01-17T08:16:21Z" level=info msg="DNS Names: [ingress.local]"
time="2024-01-17T08:16:21Z" level=info msg="IPAddresses: <none>"
time="2024-01-17T08:16:21Z" level=info msg="NotBefore: 2024-01-16 09:58:22 +0000 UTC"
time="2024-01-17T08:16:21Z" level=info msg="NotAfter: 2025-01-15 09:58:22 +0000 UTC"
time="2024-01-17T08:16:21Z" level=info msg="SignatureAlgorithm: SHA256-RSA"
time="2024-01-17T08:16:21Z" level=info msg="PublicKeyAlgorithm: RSA"
time="2024-01-17T08:16:21Z" level=fatal msg="Server certificate does not contain correct DNS and/or IP address entries in the Subject Alternative Names (SAN). Certificate information is displayed above. error: Get \"https://192.16.14.22\": x509: cannot validate certificate for 192.16.14.22 because it doesn't contain any IP SANs"
c
> Server certificate does not contain correct DNS and/or IP address entries in the Subject Alternative Names (SAN)
Your certificate is improperly formatted. Certificates must have SANs that list the hostnames and/or IPs it is valid for.