
How to rotate the Rancher SSL certificate with a single node Docker installation

This document (000020062) is provided subject to the disclaimer at the end of this document.

Situation

Task

One installation method for Rancher 2.x is to run Rancher in a Docker container on a single node. This approach is designed for a short-lived development/test environment and bundles a minimal footprint of all the components needed by Rancher into the container image.

When the default self-signed SSL certificate option is used, the lifetime of the SSL certificate is 1 year. If the container runs for longer than that, the certificate will need to be rotated. The sections below provide the steps needed to rotate the certificate for different versions of Rancher.

Pre-requisites

Resolution

Before performing the certificate rotation, ensure a backup of the Rancher container has been completed. The backup can be used as a rollback if any previous data needs to be restored.

The process differs between versions of Rancher. Select your version below and set the container ID of the Rancher container.

Rancher v2.4.x and above

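If the certificate is expiring in less than 90 days, certificate rotation occurs automatically: the certificates are rotated on the next start of the Rancher container. Set the container ID and restart the container to trigger the rotation.

# Set this to the ID of the Rancher container (listed by `docker ps`)
rancher_container_id=xxx

# Restart the container; rotation happens during startup if expiry is within 90 days
docker restart "${rancher_container_id}"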
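A restart only rotates the certificate when expiry is less than 90 days away, so it is worth checking the served certificate first. The following is an added example, not part of the original article or of Rancher itself; the function names, the assumption that Rancher serves its certificate on localhost:443, and the use of GNU `date` are choices made for this sketch.

```shell
# Added example: check the 90-day rotation window before restarting Rancher.
ROTATION_WINDOW_DAYS=90   # threshold stated in the article

# Convert an openssl "notAfter=..." line into whole days remaining.
# $2 is an optional reference time in epoch seconds (defaults to now).
days_remaining() {
  local not_after="${1#notAfter=}"
  local now="${2:-$(date +%s)}"
  local expiry
  expiry=$(date -u -d "$not_after" +%s) || return 2   # GNU date syntax
  echo $(( (expiry - now) / 86400 ))
}

# Succeeds (exit 0) when expiry is less than 90 days away.
in_rotation_window() {
  local days
  days=$(days_remaining "$1" "${2:-}") || return 2
  [ "$days" -lt "$ROTATION_WINDOW_DAYS" ]
}

# Read notAfter from the certificate served on host:port.
# Assumption: Rancher is reachable on localhost:443.
served_not_after() {
  local host="${1:-localhost}"
  local port="${2:-443}"
  openssl s_client -connect "${host}:${port}" -servername "$host" \
    </dev/null 2>/dev/null | openssl x509 -noout -enddate
}

# Restart the container only if the restart will actually rotate the certificate.
rotate_if_due() {
  local container_id="$1"
  local not_after
  not_after=$(served_not_after "${2:-localhost}" "${3:-443}") || return 2
  if in_rotation_window "$not_after"; then
    echo "Expiry within ${ROTATION_WINDOW_DAYS} days; restarting ${container_id}"
    docker restart "$container_id"
  else
    echo "$(days_remaining "$not_after") days left; a restart would not rotate yet"
  fi
}
```

Call it as `rotate_if_due "${rancher_container_id}"` after the backup is in place, then run `served_not_after` again to confirm the expiry date has moved forward.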

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.