Myluzh Blog

Rancher 2.5.x证书过期问题 [X509 certificate has expired or is not yet valid]

发布时间: 2024-2-17 文章作者: myluzh 分类名称: Kubernetes 朗读文章


0x01 故障描述
ranhcer UI 无法进入,查看logs提示X509 certificate has expired or is not yet valid
# 查看 rancher agent 日志
root@iZbp1bddlmdujngbc11omnZ:~# docker logs -f --tail 10 b109
time="2024-02-17T03:26:04Z" level=fatal msg="Server certificate is not valid, please check if the host has the correct time configured and if the server certificate has a notAfter date and time in the future. Certificate information is displayed above. error: Get \"https://172.30.233.87:8443\": x509: certificate has expired or is not yet valid: current time 2024-02-17T03:26:04Z is after 2024-02-16T02:00:45Z"

0x02 解决方案
# Step1. docker exec -it rancher sh -c “rm /var/lib/rancher/k3s/server/tls/dynamic-cert.json”
root@iZbp1bddlmdujngbc11omnZ:~# docker exec -it rancher sh -c "rm /var/lib/rancher/k3s/server/tls/dynamic-cert.json"

# Step2. delete secrets  You need to add this flag: --insecure-skip-tls-verify
root@iZbp1bddlmdujngbc11omnZ:~# docker exec -it rancher k3s kubectl delete secret -n kube-system k3s-serving --insecure-skip-tls-verify
root@iZbp1bddlmdujngbc11omnZ:~# docker exec -it rancher k3s kubectl delete secret -n cattle-system serving-cert --insecure-skip-tls-verify

# Step3. docker restart rancher
root@iZbp1bddlmdujngbc11omnZ:~# docker restart rancher


0x03 参考链接:
X509 certificate has expired or is not yet valid 
Rancher轮换证书


标签: rancher

发表评论