How to rotate the Rancher SSL certificate with a single node Docker installation
This document (000020062) is provided subject to the disclaimer at the end of this document.
Situation
Task
One installation method for Rancher 2.x is to run Rancher in a Docker container on a single node. This approach is designed for a short-lived development/test environment and bundles a minimal footprint of all the components needed by Rancher into the container image.
When the default self-signed SSL certificate option is used, the lifetime of the SSL certificate is 1 year. If the container is run for a long period the certificate will need to be rotated. The below sections provide steps needed to rotate the certificate for different versions of Rancher.
Pre-requisites
- A Rancher v2.x single node Docker installation
- Access to the node where Rancher is running to run Docker commands
- A backup of the Rancher container
Resolution
To perform the certificate rotation, please ensure a backup of the Rancher container has been completed, this can be used as a rollback in the event any previous data needs to be restored.
The process is different between different versions of Rancher, please select your version below as needed and set the container ID of the Rancher container.
Rancher v2.4.x and above
If the certificate is expiring in less than 90 days, certificate rotation occurs automatically. When expiry falls within this period, certificates will be rotated on the next start of the Rancher container.
rancher_container_id=xxx
docker restart ${rancher_container_id}
Disclaimer
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.