1、修改系统时间,停止时间滚动更新。
关闭ntp同步,防止时间自动更新回来
timedatectl set-ntp false
修改节点时间
timedatectl set-time '2020-07-01 00:00:00'
2、重启容器。
#获取容器ID
rancher_server_id=`docker ps -a|grep -v CONTAINER|awk '{print $1}'`
#重启容器
docker restart ${rancher_server_id}
#进入容器内部,查看证书到期时间,并删除证书(已完成容器自签正式强制更新事宜)
root@ahhx-yf-192-168-220-132 \~\]# docker exec -ti ${rancher_server_id} bash root@[75af45caffba:/var/lib/rancher#](http://75af45caffba/var/lib/rancher "75af45caffba:/var/lib/rancher#") cd k3s/ data/ server/ root@[75af45caffba:/var/lib/rancher#](http://75af45caffba/var/lib/rancher "75af45caffba:/var/lib/rancher#") cd k3s/ data/ server/ root@[75af45caffba:/var/lib/rancher#](http://75af45caffba/var/lib/rancher "75af45caffba:/var/lib/rancher#") cd k3s/server/ root@[75af45caffba:/var/lib/rancher/k3s/server#](http://75af45caffba/var/lib/rancher/k3s/server "75af45caffba:/var/lib/rancher/k3s/server#") ls cred manifests node-token static tls root@[75af45caffba:/var/lib/rancher/k3s/server#](http://75af45caffba/var/lib/rancher/k3s/server "75af45caffba:/var/lib/rancher/k3s/server#") cd tls/ root@[75af45caffba:/var/lib/rancher/k3s/server/tls#](http://75af45caffba/var/lib/rancher/k3s/server/tls "75af45caffba:/var/lib/rancher/k3s/server/tls#") ls client-admin.crt client-ca.crt client-kube-apiserver.crt client-kubelet.key request-header-ca.key serving-kube-apiserver.crt client-admin.key client-ca.key client-kube-apiserver.key client-scheduler.crt server-ca.crt serving-kube-apiserver.key client-auth-proxy.crt client-controller.crt client-kube-proxy.crt client-scheduler.key server-ca.key serving-kubelet.key client-auth-proxy.key client-controller.key client-kube-proxy.key request-header-ca.crt service.key temporary-certs root@[75af45caffba:/var/lib/rancher/k3s/server/tls#](http://75af45caffba/var/lib/rancher/k3s/server/tls "75af45caffba:/var/lib/rancher/k3s/server/tls#") pwd /var/lib/rancher/k3s/server/tls root@[75af45caffba:/var/lib/rancher/k3s/server/tls#](http://75af45caffba/var/lib/rancher/k3s/server/tls "75af45caffba:/var/lib/rancher/k3s/server/tls#") for i in \`ls /var/lib/rancher/k3s/server/tls/\*.crt\`; do echo $i; openssl x509 -enddate -noout -in $i; done /var/lib/rancher/k3s/server/tls/client-admin.crt notAfter=Mar 31 13:33:19 2022 GMT /var/lib/rancher/k3s/server/tls/client-auth-proxy.crt notAfter=Mar 31 13:33:19 2022 GMT /var/lib/rancher/k3s/server/tls/client-ca.crt notAfter=Mar 29 13:33:19 2031 GMT /var/lib/rancher/k3s/server/tls/client-controller.crt notAfter=Mar 31 13:33:19 2022 GMT /var/lib/rancher/k3s/server/tls/client-kube-apiserver.crt notAfter=Mar 31 13:33:19 2022 GMT /var/lib/rancher/k3s/server/tls/client-kube-proxy.crt notAfter=Mar 31 13:33:19 2022 GMT /var/lib/rancher/k3s/server/tls/client-scheduler.crt notAfter=Mar 31 13:33:19 2022 GMT /var/lib/rancher/k3s/server/tls/request-header-ca.crt notAfter=Mar 29 13:33:19 2031 GMT /var/lib/rancher/k3s/server/tls/server-ca.crt notAfter=Mar 29 13:33:19 2031 GMT /var/lib/rancher/k3s/server/tls/serving-kube-apiserver.crt notAfter=Mar 31 13:33:19 2022 GMT root@[75af45caffba:/var/lib/rancher/k3s/server/tls#](http://75af45caffba/var/lib/rancher/k3s/server/tls "75af45caffba:/var/lib/rancher/k3s/server/tls#") root@[75af45caffba:/var/lib/rancher/k3s/server/tls#](http://75af45caffba/var/lib/rancher/k3s/server/tls "75af45caffba:/var/lib/rancher/k3s/server/tls#") **rm -rf \*.crt** root@[75af45caffba:/var/lib/rancher/k3s/server/tls#](http://75af45caffba/var/lib/rancher/k3s/server/tls "75af45caffba:/var/lib/rancher/k3s/server/tls#") exit exit  #再次重启容器 docker restart ${rancher_server_id} #再次进入容器内部,观察证书是否已经更新到期时间及查看平台是否能正常访问。 #注意:如上教程仅仅适用于Rancher版本\>=2.3.x #Rancher版本\<=2.2,证书存储位置在:/var/lib/rancher/management-state/tls/ 下,操作方法一致。