0x01 故障描述
ranhcer UI 无法进入,查看logs提示X509 certificate has expired or is not yet valid
# 查看 rancher agent 日志
root@iZbp1bddlmdujngbc11omnZ:~# docker logs -f --tail 10 b109
time="2024-02-17T03:26:04Z" level=fatal msg="Server certificate is not valid, please check if the host has the correct time configured and if the server certificate has a notAfter date and time in the future. Certificate information is displayed above. error: Get \"https://172.30.233.87:8443\": x509: certificate has expired or is not yet valid: current time 2024-02-17T03:26:04Z is after 2024-02-16T02:00:45Z"
0x02 解决方案
# Step1. docker exec -it rancher sh -c “rm /var/lib/rancher/k3s/server/tls/dynamic-cert.json”
root@iZbp1bddlmdujngbc11omnZ:~# docker exec -it rancher sh -c "rm /var/lib/rancher/k3s/server/tls/dynamic-cert.json"
# Step2. delete secrets You need to add this flag: --insecure-skip-tls-verify
root@iZbp1bddlmdujngbc11omnZ:~# docker exec -it rancher k3s kubectl delete secret -n kube-system k3s-serving --insecure-skip-tls-verify
root@iZbp1bddlmdujngbc11omnZ:~# docker exec -it rancher k3s kubectl delete secret -n cattle-system serving-cert --insecure-skip-tls-verify
# Step3. docker restart rancher
root@iZbp1bddlmdujngbc11omnZ:~# docker restart rancher
0x03 参考链接:
X509 certificate has expired or is not yet valid
Rancher轮换证书
发表评论