This message was deleted.

how did you configure SSL on rancher? https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster#3-choose-you[…]onfiguration https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/install-upgrade-on-a-kubernetes-cluster#5-install-ra[…]icate-option

I just deployed a cert manager

and in

cattle-system

namespace do you have a secret with name

tls-rancher-ingress

?

yes

I have never tried to use IP address with

--set hostname

maybe someone else here can provide better insight on this

doesn't work btw

oh it says there "must be a DNS name"

it means it is mandatory to have a dns record ?

yeah or the ugly (and temporary use) set in /etc/hosts file on every machine

so if i contact server through dns instead of ip certificate chain would be valid ? For the hostname i provided

I would think so... I have done that several times (with using FQDN instead of IP) and have not had any issue although I am not sure if you will have to redeploy rancher with correct

--set hostname

Thx

yep so just install cert-manager (as it shows in example in that doc):

# Add the Jetstack Helm repository
helm repo add jetstack <https://charts.jetstack.io>

# Update your local Helm chart repository cache
helm repo update

# Install the cert-manager Helm chart
helm install cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --create-namespace \
  --set crds.enabled=true

then install rancher

helm install rancher rancher-stable/rancher \
  --namespace cattle-system \
  --set hostname=<http://rancher.my.org|rancher.my.org> \
  --set bootstrapPassword=admin

For you should i use ingress with private IP, or nodePort and register node IP as DNS record ?

IP address of your node (or VM) should be a DNS record

okay so no use of ingress