接下来,从浏览器查看 Rancher 证书为dynamic,颁发者为dynamiclistener-ca,这是 Rancher 生成的默认证书: 因为替换证书之后,Rancher Agent 需要使用域名连接 Rancher Server,业务集群会出现无法连接的情况,所以需要提前从 Rancher UI 下载业务集群的 kubeconfig,并且将context切换到demo-rancher-demo2。切换后,可以不通过 ...
接下来,从浏览器查看 Rancher 证书为dynamic,颁发者为dynamiclistener-ca,这是 Rancher 生成的默认证书: 因为替换证书之后,Rancher Agent 需要使用域名连接 Rancher Server,业务集群会出现无法连接的情况,所以需要提前从 Rancher UI 下载业务集群的 kubeconfig,并且将context切换到demo-rancher-demo2。切换后,可以不通过 ...
$ kubectl get secret -n cattle-system tls-rancher-ingress -o jsonpath='{.data.ca\.crt}' | base64 -d | openssl x509 -noout -text Certificate: Data: Version: 3 (0x2) Serial Number: 0 (0x0) Signature Algorithm: ecdsa-with-SHA256 Issuer: O = dynamiclistener-org, CN = dynamiclistener...
2022/02/12 10:43:49 [INFO] certificate CN=dynamic,O=dynamic signed by CN=dynamiclistener-ca,O=dynamiclistener-org: notBefore=2022-02-12 10:22:13 +0000 UTC notAfter=2023-02-12 10:43:49 +0000 UTC 2022/02/12 10:43:49 [INFO] certificate CN=dynamic,O=dynamic signed by CN=dynamiclist...
timeout=10s": x509: certificate signed by unknown authority (possibly because of "x509: ECDSA verification failure" while trying to verify candidate authority certificate "dynamiclistener-ca") Does anyone know how correct this behavior? Many thanks!
time="2024-09-26T09:51:37Z" level=info msg="certificate CN=dynamic,O=dynamic signed by CN=dynamiclistener-ca@1710854696,O=dynamiclistener-org: notBefore=2024-03-19 13:24:56 +0000 UTC notAfter=2034-09-24 09:51:37 +0000 UTC"
github.com/rancher/k3s/vendor/k8s.io/apimachinery/pkg/util/wait.Until(0xc00ac8c180, 0x3b9aca00, 0xc00d6836e0) /go/src/github.com/rancher/k3s/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:90 +0x4d created by github.com/rancher/k3s/vendor/k8s.io/apiserver/pkg/server/dynamiccertificates...
Start Rancher by bind mounting the volume that has the certificate. The certificatemustbe calledca.crtinside the container. $sudodocker run-d--restart=unless-stopped-p8080:8080\-v/some/dir/cert.crt:/var/lib/rancher/etc/ssl/ca.crt rancher/server ...
The authenticityofserver'https://192.168.200.66'can't be established.Cert chain is:[Certificate:Data:Version:3(0x2)Serial Number:6843786369134447489(0x5efa03715aeb4b81)Signature Algorithm:ECDSA-SHA256Issuer:O=dynamiclistener-org,CN=dynamiclistener-ca ...
(0x5efa03715aeb4b81)Signature Algorithm: ECDSA-SHA256Issuer: O=dynamiclistener-org,CN=dynamiclistener-caValidityNot Before: May 29 07:53:13 2022 UTCNot After : May 29 09:22:46 2023 UTCSubject: O=dynamic,CN=dynamicSubject Public Key Info:Public Key Algorithm: ECDSAPublic-Key: (256 bit)X...