New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
"crypto/rsa: verification error" after restarting k3s server #411
Comments
Update: it works if I change its server to |
We may have a general issue with k3s in that we really shouldn't start the k3s server until your time is set. I think we could do something like "if the time is before 1980 wait". |
Version - v0.6.0-rc3 |
K3s - v0.6.1 After reboot I get
What I tested so far
please advice. |
Same issue here on K3S - v0.6.1 arm64 debian. It also happens with a systemctl restart or a start after a stop... Retried some times after complete cleanup: same behaviour with or without boot: every k3s server restart gives me this issue... (running on pine64 rockpro in this case) |
You can run your k3s kubectl commands with the --insecure-skip-tls-verify flag, it will skip this cert error, but does not feel like a very safe fix. |
Thx @QuentinFAIDIDE |
Are we forced to upgrade from 0.6.1 to 0.7.0, or are there any other solutions to this problem? |
Also no error on a systemctl restart? On my arm64 rockpro64 I need to reboot to get the server ready for connections again. Same on 0.7.0-rc3. |
Describe the bug
I started up a k3s cluster on a Raspberry Pi 3+. Completely standard install with and everything seemed to be working well. After I restarted the server, it seems to be having problems with its TLS certification. All
kubectl
commands are failing with this command:This shows up in
journalctl
as well, these same lines over and over:Speculation: the Pi doesn't have an onboard clock. Could the CA have gotten an incorrect time when it was generated, and now that the time updated with NTP it's no longer valid?
To Reproduce
Steps to reproduce the behavior:
curl -sfL https://get.k3s.io | sh -
on a Pi 3 B+I imagine it'd be useful for me to include the CA or HTTPS cert but I'm not actually sure how to access them - will post here if someone can point me in the right direction.
The text was updated successfully, but these errors were encountered: