Skip to content

Instantly share code, notes, and snippets.

@janeczku

janeczku/rancher-url-change.md

Last active October 11, 2025 22:00
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save janeczku/d3b9eed3b1dee7863b66fba3367a1bd4 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save janeczku/d3b9eed3b1dee7863b66fba3367a1bd4 to your computer and use it in GitHub Desktop.
Download ZIP
Change the hostname/URL and certificate of an existing Rancher installation
Raw
rancher-url-change.md

Steps to change the URL of Rancher installation and switch from a self-signed certificate to a certificate signed by recognized CA.

  1. Change the Rancher server-url setting to the new URL:

    • Navigate to https://<old_rancher_hostname>/g/settings/advanced
    • Edit server-url to https://<new_rancher_hostname>

  2. Clear the private CA certificate for the old certificate

    • Navigate to https://<old_rancher_hostname>/g/settings/advanced
    • Next to cacerts click context menu -> View in API
    • Click Edit
    • Clear the content of the value field
    • Click Show Request then Send Request

  3. Trigger a re-deployment of the cluster-agent and node-agent for each cluster:

    • Configure kubectl to point at the RKE cluster where Rancher server is running
    • Note down the IDs of the managed clusters: $ kubectl get clusters
    • For each cluster (including local) run:
    $ kubectl patch cluster <CLUSTER_ID> -p '{"status":{"agentImage":"dummy"}}' --type merge

  4. Note that this will disconnect all clusters from Rancher until the installation is upgraded with the new hostname / ingress configuration.

  5. Update the certificate for Rancher from private to public signed one:

  6. Upgrade Rancher installation using the helm upgrade command following the steps here: https://rancher.com/docs/rancher/v2.x/en/upgrades/upgrades/ha-server-upgrade-helm/#upgrade-rancher

    • Specify the currently installed Rancher version to prevent software upgrade
    • Pass all the values (--set) that were originally specified during installation
    • Pass the new Rancher hostname in the hostname variable
    • Ensure you specify --set privateCA=false to clear out the old private CA certificate

    Example:

    helm upgrade rancher rancher-stable/rancher --version v2.1.6 \
--set hostname=rancher-new.example.com \
--set ingress.tls.source=secret \
--set privateCA=false \
--set ...other...options
@maxgio92
Copy link

maxgio92 commented Nov 24, 2023

JFI the comment from @Nilegfx is correct, but right now it misses the update of the node's system agent.
The system agents need to be updated with the registration command. That command can be taken from Rancher UI: Cluster Management > > Registration and re-run on each node, modifying the correct role based on the node is run.

@Luckyboys
Copy link

Luckyboys commented Feb 20, 2025

Thank you, @Nilegfx. Your assistance has been a wonderful help for me.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment