Update self signed certificate on single install of Rancher 2.x

This document (000020168) is provided subject to the disclaimer at the end of this document.

Situation

Task

Update/renew self signed certificates to ten year expiration on Single Server Install of Rancher 2.x

Pre-requisites

Resolution

  1. Download Rancher single tool on the server that is running your Rancher container:

    curl -LO https://github.com/patrick0057/rancher-single-tool/raw/master/rancher-single-tool.sh
  2. Run script so that it upgrades your installation (you can upgrade to the same version) and pass flags to indicate that you want to regenerate your self signed certificate. The most reliable way is to just specify all of your options on the command line but the script does have an easy to use automated system as well as shown in option b.

    a. Specify all flags on command line, including any rancher options you had and docker options. Option -s is required for generating new 10 year self signed SSL certificates.

    bash rancher-single-tool.sh -f -c'<container_id>' -t'upgrade' -v'<rancher_version>' -d'<docker_options>' -r'<rancher_options>' -s'<self_signed_ssl_hostname>'

    For example:

    bash rancher-single-tool.sh -f -c'984f2fe62f6a' -t'upgrade' -v'v2.2.4' -d'-d --restart=unless-stopped -p 80:80 -p 443:443' -r'none' -s'company.domain.com'

    b. Let the script prompt you for answers and autodetect docker and rancher options when asked to.

    bash rancher-single-tool.sh -s'<self_signed_ssl_hostname>'

    For example:

    bash rancher-single-tool.sh -s'company.domain.com'
  3. In order to see the new SSL you need to completely quit your browser and start it back up, otherwise it might still show you the old certificate. Alternatively you can consistently check this using openssl instead of using your browser.

    openssl s_client -connect company.domain.com:443 | openssl x509 -noout -text -startdate -enddate
  4. If you have any downstream clusters attached to this Rancher installation you will need to update their Rancher agent deployment which will be covered in https://github.com/rancherlabs/support-tools/tree/master/cluster-agent-tool

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:000020168
  • Creation Date: 13-Jul-2021
  • Modified Date:13-Jul-2021
    • SUSE Rancher

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

Join Our Community

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.


SUSE Customer Support Quick Reference Guide SUSE Technical Support Handbook Update Advisories
Support FAQ

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.

Go to Customer Center