rich-crowd-36987
10/14/2022, 3:40 PMOct 14 15:09:01 k8worker05 rke2: time="2022-10-14T15:09:01Z" level=info msg="Connecting to proxy" url="<wss://10.149.5.62:9345/v1-rke2/connect>"
Oct 14 15:09:01 k8worker05 rke2: time="2022-10-14T15:09:01Z" level=error msg="Failed to connect to proxy" error="x509: certificate is valid for 10.149.4.146, 10.149.4.32, 10.149.4.77, 10.43.0.1, 127.0.0.1, not 10.149.5.62"
Oct 14 15:09:01 k8worker05 rke2: time="2022-10-14T15:09:01Z" level=error msg="Remotedialer proxy error" error="x509: certificate is valid for 10.149.4.146, 10.149.4.32, 10.149.4.77, 10.43.0.1, 127.0.0.1, not 10.149.5.62"
Obviously 10.149.5.62
is the new IP and doesn't match what the cert is advertising. I'm stumped however about how the cert is being generated. The /etc/rancher/rke2/config.yaml
file doesn't have any IP references... There are IPs in /var/lib/rancher/rke2/server/tls/dynamic-cert.json
though these appear to be the result of some process.
Any idea how to regenerate these certs?creamy-pencil-82913
10/14/2022, 5:24 PMrich-crowd-36987
10/14/2022, 6:07 PM