Update/renew self signed certificates to ten year expiration on Single Server Install of Rancher 2.x
Download Rancher single tool on the server that is running your Rancher container:
curl -LO https://github.com/patrick0057/rancher-single-tool/raw/master/rancher-single-tool.sh
Run script so that it upgrades your installation (you can upgrade to the same version) and pass flags to indicate that you want to regenerate your self signed certificate. The most reliable way is to just specify all of your options on the command line but the script does have an easy to use automated system as well as shown in option b.
a. Specify all flags on command line, including any rancher options you had and docker options. Option -s is required for generating new 10 year self signed SSL certificates.
bash rancher-single-tool.sh -f -c'<container_id>' -t'upgrade' -v'<rancher_version>' -d'<docker_options>' -r'<rancher_options>' -s'<self_signed_ssl_hostname>'
bash rancher-single-tool.sh -f -c'984f2fe62f6a' -t'upgrade' -v'v2.2.4' -d'-d --restart=unless-stopped -p 80:80 -p 443:443' -r'none' -s'company.domain.com'
b. Let the script prompt you for answers and autodetect docker and rancher options when asked to.
bash rancher-single-tool.sh -s'<self_signed_ssl_hostname>'
bash rancher-single-tool.sh -s'company.domain.com'
In order to see the new SSL you need to completely quit your browser and start it back up, otherwise it might still show you the old certificate. Alternatively you can consistently check this using openssl instead of using your browser.
openssl s_client -connect company.domain.com:443 | openssl x509 -noout -text -startdate -enddate
If you have any downstream clusters attached to this Rancher installation you will need to update their Rancher agent deployment which will be covered in https://github.com/rancherlabs/support-tools/tree/master/cluster-agent-tool