Error when registering nodes for RKE2 cluster through Rancher UI

liambest · November 12, 2025, 2:13am

I ran into this problem and resolved this by changing the agent-tls-mode from strict to system-store.

From the docs:

In strict mode the agents (system, cluster, fleet, etc) will only trust Rancher installations which are using a certificate signed by the CABundle in the cacerts setting. When the mode is system-store, the agents will trust any certificate signed by a CABundle in the operating system’s trust store.

I suspect that because we have Cloudflare doing TLS termination, the certificate that agents are seeing no longer matches the certificate when getting the certificate from /cacerts.

Topic		Replies	Views
Unable to add nodes to k8s using the rancher agent script SUSE Rancher Prime	0	780	September 6, 2021
Unable to register new RKE cluster to Rancher 2.5.7 (k3s) SUSE Rancher Prime	10	3936	May 28, 2021
Registering to cluster does not work SUSE Rancher Prime	4	3630	July 24, 2025
Certificates updated ==> disaster happened SUSE Rancher Prime	0	778	March 14, 2022
Cluster Registration Woes SUSE Rancher Prime	0	147	September 25, 2023

Error when registering nodes for RKE2 cluster through Rancher UI

Related topics