
Update self signed certificate on single install of Rancher 2.x

This document (000020168) is provided subject to the disclaimer at the end of this document.

Situation

Task

Update/renew self signed certificates to ten year expiration on Single Server Install of Rancher 2.x

Note: Single Server Installations are not recommended for Production environments.

Pre-requisites

Resolution

  1. Download the Rancher single tool on the server that is running your Rancher container:
curl -LO https://github.com/patrick0057/rancher-single-tool/raw/master/rancher-single-tool.sh
  2. Run the script so that it upgrades your installation (you can upgrade to the same version), passing flags to indicate that you want to regenerate your self-signed certificate. The most reliable way is to specify all of your options on the command line (option a), but the script also has an easy-to-use automated mode, shown in option b.

a. Specify all flags on the command line, including any Rancher options and Docker options you had. Option -s is required for generating new 10-year self-signed SSL certificates.

bash rancher-single-tool.sh -f -c'<container_id>' -t'upgrade' -v'<rancher_version>' -d'<docker_options>' -r'<rancher_options>' -s'<self_signed_ssl_hostname>'

For example:

bash rancher-single-tool.sh -f -c'984f2fe62f6a' -t'upgrade' -v'v2.2.4' -d'-d --restart=unless-stopped -p 80:80 -p 443:443' -r'none' -s'company.domain.com'

b. Let the script prompt you for answers and autodetect the Docker and Rancher options when asked to.

bash rancher-single-tool.sh -s'<self_signed_ssl_hostname>'

For example:

bash rancher-single-tool.sh -s'company.domain.com'
  3. To see the new SSL certificate, you need to completely quit your browser and start it back up; otherwise it might still show you the old certificate. Alternatively, you can check this consistently with openssl instead of your browser (stdin is redirected from /dev/null so that s_client exits after the handshake instead of waiting for input):
openssl s_client -connect company.domain.com:443 </dev/null | openssl x509 -noout -text -startdate -enddate
  4. If you have any downstream clusters attached to this Rancher installation, you will need to update their Rancher agent deployment, which is covered in https://github.com/rancherlabs/support-tools/tree/master/cluster-agent-tool
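
The openssl check from step 3 can be scripted so that the result does not depend on browser caching. The following is an added example, not part of the original article or of rancher-single-tool; the function names and the 3600-day threshold are assumptions chosen for illustration, and the sample certificate is constructed locally so the checks also run offline.

```shell
#!/usr/bin/env bash
# Added example: confirm a renewed certificate without relying on the browser.
# Function names and thresholds are illustrative assumptions, not the tool's own.

# Save the certificate a server presents (needs network access).
fetch_cert() {  # usage: fetch_cert <host> <port> <out.pem>
  openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
    openssl x509 -out "$3"
}

# SHA-256 fingerprint; compare a copy saved before the upgrade with the one
# served afterwards to prove the certificate really changed.
cert_fingerprint() {  # usage: cert_fingerprint <cert.pem>
  openssl x509 -noout -fingerprint -sha256 -in "$1" | cut -d= -f2
}

# Succeeds only if the cert covers <hostname> and is still valid <min_days> from now.
check_renewed_cert() {  # usage: check_renewed_cert <cert.pem> <hostname> <min_days>
  local pem=$1 host=$2 min_days=$3 rc=0
  if ! openssl x509 -noout -in "$pem" -checkend $((min_days * 86400)) >/dev/null; then
    echo "FAIL: expires within $min_days days ($(openssl x509 -noout -enddate -in "$pem"))"
    rc=1
  fi
  if ! openssl x509 -noout -in "$pem" -checkhost "$host" | grep -q 'does match'; then
    echo "FAIL: certificate does not cover hostname $host"
    rc=1
  fi
  [ "$rc" -eq 0 ] && echo "OK: $host, $(openssl x509 -noout -enddate -in "$pem")"
  return "$rc"
}

# Constructed sample input: a throwaway self-signed cert for offline testing.
make_sample_cert() {  # usage: make_sample_cert <days> <hostname> <out.pem>
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$3.key" \
    -days "$1" -subj "/CN=$2" -out "$3" 2>/dev/null && rm -f "$3.key"
}

# Live use against the host from the article's example:
#   fetch_cert company.domain.com 443 new.pem
#   check_renewed_cert new.pem company.domain.com 3600
#   cert_fingerprint new.pem    # should differ from the pre-upgrade value
```

Save a copy of the old certificate with fetch_cert before running the upgrade if you want to compare fingerprints afterwards.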

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.