rancher / quickstart


Self assigned SSL Cert is "not trusted" #46

Closed Isengo1989 closed 4 years ago

Isengo1989 commented 5 years ago

When using it on DigitalOcean I get the info that the SSL Cert is not trusted and I cannot use it in my GitLab deployment. Is there a workaround for that (not assigning the port 443 in the userdata_server, etc.)?

Isengo1989 commented 5 years ago

Since Rancher 2.x there is an option to add an SSL Cert directly by Certbot/Let's Encrypt, which is handy...

docker run -d ..... --acme-domain rancher.YOURDOMAIN.com

Works like a charm - maybe add it to this repo

Isengo1989 commented 5 years ago

Sadly the provisioning is not working when just adding --acme-domain


superseb commented 4 years ago

The agents are connecting to the IP address assigned to the server (https://github.com/rancher/quickstart/blob/master/do/main.tf#L131), and that IP is not in the certificate, so it will fail. You will need to adjust this if you want it to work with --acme-domain (replacing the passed IP with a configured hostname).

Here is a way to extract the generated CA from Rancher to use to validate the connection: https://gist.github.com/superseb/2732303f0c85d6aca8fab617ea262ebb
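The mismatch described in the comment above, as an added example that is not part of the original thread or the quickstart repo: a check of whether the host an agent dials is covered by the certificate's subjectAltName entries. The certificate dict (in the shape `ssl.SSLSocket.getpeercert()` returns), the domain `rancher.example.com` and the address `203.0.113.10` are constructed sample values.

```python
import ipaddress

# Constructed sample: a certificate issued for a domain only, in the dict
# shape returned by ssl.SSLSocket.getpeercert(). No iPAddress SAN present.
ACME_CERT = {"subjectAltName": (("DNS", "rancher.example.com"),)}
AGENT_TARGET_IP = "203.0.113.10"          # constructed: the IP the agents dial
AGENT_TARGET_HOST = "rancher.example.com"  # constructed: the configured hostname


def _dns_match(pattern: str, host: str) -> bool:
    """Match a dNSName SAN; '*' is only honoured as the whole left-most label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if not p.startswith("*."):
        return p == h
    # A wildcard covers exactly one label and never the bare parent domain.
    head, _, rest = h.partition(".")
    return bool(head) and rest == p[2:]


def san_covers(cert: dict, target: str) -> bool:
    """Return True if `target` (host part of the server URL) is in the cert's SANs."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP target is only compared against iPAddress SANs, never dNSName.
        return any(
            kind == "IP Address" and ipaddress.ip_address(value.strip()) == ip
            for kind, value in sans
        )
    return any(kind == "DNS" and _dns_match(value, target) for kind, value in sans)


if __name__ == "__main__":
    for target in (AGENT_TARGET_IP, AGENT_TARGET_HOST):
        verdict = "covered" if san_covers(ACME_CERT, target) else "NOT covered"
        print(f"{target}: {verdict} by certificate SANs")
```
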