-
Download Rancher single tool on the server that is running your Rancher container:
curl -LO https://github.com/patrick0057/rancher-single-tool/raw/master/rancher-single-tool.sh
-
Run script so that it upgrades your installation (you can upgrade to the same version) and pass flags to indicate that you want to regenerate your self signed certificate. The most reliable way is to just specify all of your options on the command line but the script does have an easy to use automated system as well as shown in option b.
a. Specify all flags on command line, including any rancher options you had and docker options. Option -s is required for generating new 10 year self signed SSL certificates.
bash rancher-single-tool.sh -f -c'<container_id>' -t'upgrade' -v'<rancher_version>' -d'<docker_options>' -r'<rancher_options>' -s'<self_signed_ssl_hostname>'
bash rancher-single-tool.sh -f -c'984f2fe62f6a' -t'upgrade' -v'v2.2.4' -d'-d --restart=unless-stopped -p 80:80 -p 443:443' -r'none' -s'company.domain.com'
b. Let the script prompt you for answers and autodetect docker and rancher options when asked to.
bash rancher-single-tool.sh -s'<self_signed_ssl_hostname>'
bash rancher-single-tool.sh -s'company.domain.com'
-
In order to see the new SSL you need to completely quit your browser and start it back up, otherwise it might still show you the old certificate. Alternatively you can consistently check this using openssl instead of using your browser.
openssl s_client -connect company.domain.com:443 | openssl x509 -noout -text -startdate -enddate
-
If you have any downstream clusters attached to this Rancher installation you will need to update their Rancher agent deployment which will be covered in https://gist.github.com/patrick0057/d5e99957a6e77cf2975774d03d9984f3
Last active
June 10, 2022 12:33
-
-
Save patrick0057/48763a0fcaad07120353032e1081a673 to your computer and use it in GitHub Desktop.
Update self signed certificate on single install of Rancher 2.x
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment