careful-motorcycle-7738

12/05/2022, 10:43 AM
INFO: https://rancher.redacted.org/ping is accessible
INFO: rancher.redacted.org resolves to 172.25.11.205
INFO: Value from https://rancher.redacted.org/v3/settings/cacerts is an x509 certificate
time="2022-12-05T10:08:28Z" level=info msg="Listening on /tmp/log.sock"
time="2022-12-05T10:08:28Z" level=info msg="Rancher agent version v2.7.0 is starting"
time="2022-12-05T10:08:28Z" level=info msg="Certificate details from https://172.25.11.205"
time="2022-12-05T10:08:28Z" level=info msg="Certificate #0 (https://172.25.11.205)"
time="2022-12-05T10:08:28Z" level=info msg="Subject: CN=TRAEFIK DEFAULT CERT"
time="2022-12-05T10:08:28Z" level=info msg="Issuer: CN=TRAEFIK DEFAULT CERT"
time="2022-12-05T10:08:28Z" level=info msg="IsCA: false"
time="2022-12-05T10:08:28Z" level=info msg="DNS Names: [813d9dcb9cd6167ed7a689bf1631c6be.41d2f76f48bcad52d0b233fbb376e088.traefik.default]"
time="2022-12-05T10:08:28Z" level=info msg="IPAddresses: <none>"
time="2022-12-05T10:08:28Z" level=info msg="NotBefore: 2022-12-05 09:13:54 +0000 UTC"
time="2022-12-05T10:08:28Z" level=info msg="NotAfter: 2023-12-05 09:13:54 +0000 UTC"
time="2022-12-05T10:08:28Z" level=info msg="SignatureAlgorithm: SHA256-RSA"
time="2022-12-05T10:08:28Z" level=info msg="PublicKeyAlgorithm: RSA"
time="2022-12-05T10:08:28Z" level=info msg="Certificate details for /etc/kubernetes/ssl/certs/serverca"
time="2022-12-05T10:08:28Z" level=info msg="Certificate #0 (/etc/kubernetes/ssl/certs/serverca)"
time="2022-12-05T10:08:28Z" level=info msg="Subject: CN=dynamiclistener-ca@1669278744,O=dynamiclistener-org"
time="2022-12-05T10:08:28Z" level=info msg="Issuer: CN=dynamiclistener-ca@1669278744,O=dynamiclistener-org"
time="2022-12-05T10:08:28Z" level=info msg="IsCA: true"
time="2022-12-05T10:08:28Z" level=info msg="DNS Names: <none>"
time="2022-12-05T10:08:28Z" level=info msg="IPAddresses: <none>"
time="2022-12-05T10:08:28Z" level=info msg="NotBefore: 2022-11-24 08:32:24 +0000 UTC"
time="2022-12-05T10:08:28Z" level=info msg="NotAfter: 2032-11-21 08:32:24 +0000 UTC"
time="2022-12-05T10:08:28Z" level=info msg="SignatureAlgorithm: ECDSA-SHA256"
time="2022-12-05T10:08:28Z" level=info msg="PublicKeyAlgorithm: ECDSA"
time="2022-12-05T10:08:28Z" level=error msg="Issuer of last certificate found in chain (CN=TRAEFIK DEFAULT CERT) does not match with CA certificate Issuer (CN=dynamiclistener-ca@1669278744,O=dynamiclistener-org). Please check if the configured server certificate contains all needed intermediate certificates and make sure they are in the correct order (server certificate first, intermediates after)"
time="2022-12-05T10:08:28Z" level=fatal msg="Server certificate does not contain correct DNS and/or IP address entries in the Subject Alternative Names (SAN). Certificate information is displayed above. error: Get \"https://172.25.11.205\": x509: cannot validate certificate for 172.25.11.205 because it doesn't contain any IP SANs"

adorable-photographer-68517

12/05/2022, 1:33 PM
This message means your IP address is not a part of the Subject Alternative Name. Try to run your installation with the --tls-san ip-address option.

creamy-pencil-82913

12/05/2022, 5:55 PM
--tls-san is an option for K3s; it won't change the cert used by the ingress in front of your Rancher install.
The real problem is most likely that you haven’t set the Rancher URL properly in the configuration. It will tell agents to contact it at whatever you have configured as its URL. Did you perhaps start out with an IP, and then later add a DNS entry which you are using to access it, but forgot to update the config?