https://rancher.com/ logo
Title
s

sparse-art-48043

06/28/2022, 7:28 PM
i spun up a quick coredns to fix the routing issue but I can't get harvester to trust the self-signed cert. ugh
s

square-orange-60123

06/28/2022, 7:47 PM
I can't get harvester to trust the self-signed cert
-> what issue are you seeing? I wouldn’t think you would get any issues from the yaml generated from rancher.
s

sparse-art-48043

06/28/2022, 8:07 PM
Where should I check for the logs?
I kinda just assumed it would be the self-signed cert as I can't curl the yaml file due to that
but it could be something else
s

square-orange-60123

06/28/2022, 8:08 PM
can you curl it from your own machine on the same network?
s

sparse-art-48043

06/28/2022, 8:08 PM
no. SSL cert error
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: <https://curl.se/docs/sslcerts.html>

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
s

square-orange-60123

06/28/2022, 8:09 PM
oh 😅 well then its still a rancher cert issue. Can you curl with the insecure flag? And also post dig results?
s

sparse-art-48043

06/28/2022, 8:10 PM
I can visit the web interface with a security exception
I just want to know how to trust the self-signed cert in Harvester (for now)
s

square-orange-60123

06/28/2022, 8:11 PM
right. So tldr, you shouldn’t need to trust the cert. It doesn’t matter if rancher is using self-signed certs or not for registering a harvester setup to use in rancher.
s

sparse-art-48043

06/28/2022, 8:11 PM
Yes I can cURL it with --insecure
; <<>> DiG 9.16.28-RH <<>> rancher.box
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51584
;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;rancher.box.			IN	A

;; ANSWER SECTION:
rancher.box.		0	IN	A	10.10.1.201

;; Query time: 1 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Tue Jun 28 15:10:58 CDT 2022
;; MSG SIZE  rcvd: 56
really? it will just bypass the self-signed cert?
s

square-orange-60123

06/28/2022, 8:12 PM
yup. it should anyways 🙂
s

sparse-art-48043

06/28/2022, 8:12 PM
it's still not registering with rancher though...
😮 1
where would I get the logs for that stuff?
s

square-orange-60123

06/28/2022, 8:14 PM
I don’t have a setup right now to check unfortunately. You should be able to ssh in to your harvester node, and get the logs of the harvester deployment. I’d assume that it would show up there.
s

sparse-art-48043

06/28/2022, 8:15 PM
well i'm giving it a good ol' reboot and i'll see if that fixes it
😄 1
thanks for your help!