Rancher CA certs

I’m using RKE2 and installed the chart using the following command:

helm upgrade -i rancher rancher-chart \
        --namespace cattle-system \
        --set hostname='rancher.test.net' \
        --set bootstrapPassword=$boot_pass \
        --set privateCA=true \
        --set ingress.tls.source=secret \
        --set ingress.tls.ingressClassName=nginx

To create secrets, I followed the instructions in this guide.
However, when I tried to add a node, I received the following error:

[INFO]  Value from https://rancher.test.net/cacerts is an x509 certificate
[ERROR]  Configured cacerts checksum (1382944946dbe8c6faf7d0bd6d33d6593f3416579e75efa6ad852c2e24453016) does not match given --ca-checksum (543edb437be8e3b68c60bb09fc27bde24f26ce62bec2e44e182681c2df6ed06b)
[ERROR]  Please check if the correct certificate is configured at https://rancher.test.net/cacerts

When I navigate to https://rancher.test.net/cacerts, it shows the value from the tls-rancher-internal-ca secret.
Manually updating the tls-rancher-internal-ca secret resolves the issue if you’re using a private CA. (https://github.com/rancher/rancher/issues/36632#issuecomment-1633600724)
Any thoughts? Did I miss something?

Rancher chart version: 2.11.2
RKE2 version: v1.31.9+rke2r1

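The error in the post compares two checksums of the CA certificate. The following script is an added example, not part of the original post and not Rancher's own code: it classifies why a `--ca-checksum` value and the file served at `/cacerts` disagree. It assumes the checksum is the SHA-256 of the exact bytes served (the values in the error are 64 hex characters); the function names and file names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Assumption: the checksum is the
# SHA-256 of the exact bytes returned by https://<rancher-host>/cacerts.

# Hex SHA-256 of a file's exact bytes.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Hex SHA-256 after dropping CRs and blank lines, so two copies of the same
# PEM that differ only in line endings or trailing newlines compare equal.
sha256_normalized() {
    _tmp=$(mktemp)
    tr -d '\r' < "$1" | sed '/^[[:space:]]*$/d' > "$_tmp"
    sha256_of "$_tmp"
    rm -f "$_tmp"
}

# classify_cacerts EXPECTED SERVED_PEM INTENDED_PEM
#   EXPECTED      value passed as --ca-checksum
#   SERVED_PEM    file saved from the /cacerts endpoint
#   INTENDED_PEM  the private CA file the operator meant to configure
# Prints: match | checksum-matches-neither | whitespace-only | served-other-ca
classify_cacerts() {
    _s=$(sha256_of "$2"); _i=$(sha256_of "$3")
    if [ "$_s" = "$1" ]; then
        echo match                      # endpoint and checksum agree
    elif [ "$_i" != "$1" ]; then
        echo checksum-matches-neither   # the checksum belongs to some other file
    elif [ "$(sha256_normalized "$2")" = "$(sha256_normalized "$3")" ]; then
        echo whitespace-only            # same PEM text, different bytes
    else
        echo served-other-ca            # endpoint serves a different certificate
    fi
}

# Demo on constructed placeholder files (not real certificates).
_d=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' '-----END CERTIFICATE-----' > "$_d/ca.pem"
printf '%s\r\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' '-----END CERTIFICATE-----' > "$_d/served.pem"
classify_cacerts "$(sha256_of "$_d/ca.pem")" "$_d/served.pem" "$_d/ca.pem"
rm -rf "$_d"
```

On a real cluster, save the endpoint's response with `curl -sk https://rancher.test.net/cacerts -o served.pem` and pass that file as the second argument.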