This message was deleted.

looks like a proxy issue. basically it doesn't trust the self-signed of the proxy

man im so bad with proxys, do you have any advice as to what i could do or try?

so is the signing CA in your keychain or windows cred store?

should be my keychain

maybe https://github.com/rancher-sandbox/rancher-desktop/issues/5165#issuecomment-2237096883

im on windows but also a little confused what that thread is saying

so what are the logs saying?

there should be a bunch of logs?

oh i looked into the k8s.log and it is showing this: 2024-07-30T185610.059Z: Error reading cached version data, discarding: [Error: ENOENT: no such file or directory, open 'C:\Users\tgfan\AppData\Local\rancher-desktop\cache\k3s-versions.json'] { errno: -4058, code: 'ENOENT', syscall: 'open', path: 'C:\\Users\\tgfan\\AppData\\Local\\rancher-desktop\\cache\\k3s-versions.json' } 2024-07-30T185611.514Z: Error reading cached version data, discarding: [Error: ENOENT: no such file or directory, open 'C:\Users\tgfan\AppData\Local\rancher-desktop\cache\k3s-versions.json'] { errno: -4058, code: 'ENOENT', syscall: 'open', path: 'C:\\Users\\tgfan\\AppData\\Local\\rancher-desktop\\cache\\k3s-versions.json' } 2024-07-30T185611.514Z: Updating release version cache with 0 items in cache 2024-07-30T185612.794Z: updateCache: error: FetchError: request to https://update.k3s.io/v1-release/channels failed, reason: unable to get local issuer certificate 2024-07-30T185612.807Z: FetchError: request to https://update.k3s.io/v1-release/channels failed, reason: unable to get local issuer certificate

so if you hit https://update.k3s.io/v1-release/channels in a browser who signed the Certificate? and is it an internal CA?

let me check

so no k3s.io is the mini k8s distribution offered by rancher

gotcha

the iisued by is what you care about. if its not a big internet CA or has your company name in the middle its doing TLS interception and has been replaced

yea i see now. you are right, it has my company name in the middle

so do you see a mathing certificate in your keychain/login/certificates?

thanks for being patient with me

all good. as i said this is far from my first rodeo.

im on windows and i am looking in my trusted root certificate authorities

ohh sorry

yep

actually sorry resetting brain. machine certificates

yep im there

you should see the same name in the "Issued by" in that list

i dont see an exact match of cert.company.gov in there but i see some "company root CA" in there.

yeah can never remember what attribute to match on

i don't see any of these certificates being issued to the k3s.io we saw through the link

ok, quit RD, so open a CMD window and

set node_tls_reject_unauthorized=0

and then run RD's exe from the same window

the command you gave me didn't change the behavior

yeah fetch is always a bit finnicky and i don't know if there is a client wrapper at play as well

so complicated

@proud-jewelry-46860 may have some thoughts on windows node fetch and self-signed from a proxy intercept. i am guessing the VM centric parts might be ok, but the host side fetch might need another nudge

hm

sounds like a regression. i would say https://github.com/rancher-sandbox/rancher-desktop/issues is a good place to drop that. provide the deets on what version you were trying to install, which one you did install, and the issues with init being able to fetch the channels due to CA mistrust