Channels
academy
amazon
arm
azure
cabpr
chinese
ci-cd
danish
deutsch
developer
elemental
epinio
espanol
events
extensions
fleet
français
gcp
general
harvester
harvester-dev
hobbyfarm
hypper
japanese
k3d
k3os
k3s
k3s-contributor
kim
kubernetes
kubewarden
lima
logging
longhorn-dev
longhorn-storage
masterclass
mesos
mexico
nederlands
neuvector-security
office-hours
one-point-x
onlinemeetup
onlinetraining
opni
os
ozt
phillydotnet
portugues
rancher-desktop
rancher-extensions
rancher-setup
rancher-wrangler
random
rfed_ara
rio
rke
rke2
russian
s3gw
service-mesh
storage
submariner
supermicro-sixsq
swarm
terraform-controller
terraform-provider-rancher2
terraform-provider-rke
theranchcast
training-0110
training-0124
training-0131
training-0207
training-0214
training-1220
ukranian
v16-v21-migration
vsphere
windows
Title
s
sparse-art-48043
06/28/2022, 7:28 PMi spun up a quick coredns to fix the routing issue but I can't get harvester to trust the self-signed cert. ugh
s
square-orange-60123
06/28/2022, 7:47 PMI can't get harvester to trust the self-signed certs
sparse-art-48043
06/28/2022, 8:07 PMWhere should I check for the logs?
I kinda just assumed it would be the self-signed cert as I can't curl the yaml file due to that
but it could be something else
s
square-orange-60123
06/28/2022, 8:08 PMcan you curl it from your own machine on the same network?
s
sparse-art-48043
06/28/2022, 8:08 PMno. SSL cert error
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: <https://curl.se/docs/sslcerts.html>
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.s
square-orange-60123
06/28/2022, 8:09 PMoh 😅 well then its still a rancher cert issue. Can you curl with the insecure flag? And also post dig results?
s
sparse-art-48043
06/28/2022, 8:10 PMI can visit the web interface with a security exception
I just want to know how to trust the self-signed cert in Harvester (for now)
s
square-orange-60123
06/28/2022, 8:11 PMright. So tldr, you shouldn’t need to trust the cert. It doesn’t matter if rancher is using self-signed certs or not for registering a harvester setup to use in rancher.
s
sparse-art-48043
06/28/2022, 8:11 PMYes I can cURL it with --insecure
; <<>> DiG 9.16.28-RH <<>> rancher.box
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51584
;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;rancher.box. IN A
;; ANSWER SECTION:
rancher.box. 0 IN A 10.10.1.201
;; Query time: 1 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Tue Jun 28 15:10:58 CDT 2022
;; MSG SIZE rcvd: 56really? it will just bypass the self-signed cert?
s
square-orange-60123
06/28/2022, 8:12 PMyup. it should anyways 🙂
s
sparse-art-48043
06/28/2022, 8:12 PMit's still not registering with rancher though...
😮 1
where would I get the logs for that stuff?
s
square-orange-60123
06/28/2022, 8:14 PMI don’t have a setup right now to check unfortunately. You should be able to ssh in to your harvester node, and get the logs of the harvester deployment. I’d assume that it would show up there.
s
sparse-art-48043
06/28/2022, 8:15 PMwell i'm giving it a good ol' reboot and i'll see if that fixes it
😄 1
thanks for your help!