1、修改系统时间，停止时间滚动更新。

关闭ntp同步，防止时间自动更新回来

timedatectl set-ntp false

修改节点时间

timedatectl set-time '2020-07-01 00:00:00'

2、重启容器。

#获取容器ID

rancher_server_id=`docker ps -a|grep -v CONTAINER|awk '{print $1}'`

#重启容器

docker restart ${rancher_server_id}

#进入容器内部，查看证书到期时间，并删除证书（已完成容器自签正式强制更新事宜）

root@ahhx-yf-192-168-220-132 \~\]# docker exec -ti ${rancher_server_id} bash root@[75af45caffba:/var/lib/rancher#](http://75af45caffba/var/lib/rancher "75af45caffba:/var/lib/rancher#") cd k3s/ data/ server/ root@[75af45caffba:/var/lib/rancher#](http://75af45caffba/var/lib/rancher "75af45caffba:/var/lib/rancher#") cd k3s/ data/ server/ root@[75af45caffba:/var/lib/rancher#](http://75af45caffba/var/lib/rancher "75af45caffba:/var/lib/rancher#") cd k3s/server/ root@[75af45caffba:/var/lib/rancher/k3s/server#](http://75af45caffba/var/lib/rancher/k3s/server "75af45caffba:/var/lib/rancher/k3s/server#") ls cred manifests node-token static tls root@[75af45caffba:/var/lib/rancher/k3s/server#](http://75af45caffba/var/lib/rancher/k3s/server "75af45caffba:/var/lib/rancher/k3s/server#") cd tls/ root@[75af45caffba:/var/lib/rancher/k3s/server/tls#](http://75af45caffba/var/lib/rancher/k3s/server/tls "75af45caffba:/var/lib/rancher/k3s/server/tls#") ls client-admin.crt client-ca.crt client-kube-apiserver.crt client-kubelet.key request-header-ca.key serving-kube-apiserver.crt client-admin.key client-ca.key client-kube-apiserver.key client-scheduler.crt server-ca.crt serving-kube-apiserver.key client-auth-proxy.crt client-controller.crt client-kube-proxy.crt client-scheduler.key server-ca.key serving-kubelet.key client-auth-proxy.key client-controller.key client-kube-proxy.key request-header-ca.crt service.key temporary-certs root@[75af45caffba:/var/lib/rancher/k3s/server/tls#](http://75af45caffba/var/lib/rancher/k3s/server/tls "75af45caffba:/var/lib/rancher/k3s/server/tls#") pwd /var/lib/rancher/k3s/server/tls root@[75af45caffba:/var/lib/rancher/k3s/server/tls#](http://75af45caffba/var/lib/rancher/k3s/server/tls "75af45caffba:/var/lib/rancher/k3s/server/tls#") for i in \`ls /var/lib/rancher/k3s/server/tls/\*.crt\`; do echo $i; openssl x509 -enddate -noout -in $i; done /var/lib/rancher/k3s/server/tls/client-admin.crt notAfter=Mar 31 13:33:19 2022 GMT /var/lib/rancher/k3s/server/tls/client-auth-proxy.crt notAfter=Mar 31 13:33:19 2022 GMT /var/lib/rancher/k3s/server/tls/client-ca.crt notAfter=Mar 29 13:33:19 2031 GMT /var/lib/rancher/k3s/server/tls/client-controller.crt notAfter=Mar 31 13:33:19 2022 GMT /var/lib/rancher/k3s/server/tls/client-kube-apiserver.crt notAfter=Mar 31 13:33:19 2022 GMT /var/lib/rancher/k3s/server/tls/client-kube-proxy.crt notAfter=Mar 31 13:33:19 2022 GMT /var/lib/rancher/k3s/server/tls/client-scheduler.crt notAfter=Mar 31 13:33:19 2022 GMT /var/lib/rancher/k3s/server/tls/request-header-ca.crt notAfter=Mar 29 13:33:19 2031 GMT /var/lib/rancher/k3s/server/tls/server-ca.crt notAfter=Mar 29 13:33:19 2031 GMT /var/lib/rancher/k3s/server/tls/serving-kube-apiserver.crt notAfter=Mar 31 13:33:19 2022 GMT root@[75af45caffba:/var/lib/rancher/k3s/server/tls#](http://75af45caffba/var/lib/rancher/k3s/server/tls "75af45caffba:/var/lib/rancher/k3s/server/tls#") root@[75af45caffba:/var/lib/rancher/k3s/server/tls#](http://75af45caffba/var/lib/rancher/k3s/server/tls "75af45caffba:/var/lib/rancher/k3s/server/tls#") **rm -rf \*.crt** root@[75af45caffba:/var/lib/rancher/k3s/server/tls#](http://75af45caffba/var/lib/rancher/k3s/server/tls "75af45caffba:/var/lib/rancher/k3s/server/tls#") exit exit ![](https://i-blog.csdnimg.cn/direct/ceb04e0294774bb18ec0347c31a24ada.png) #再次重启容器 docker restart ${rancher_server_id} #再次进入容器内部，观察证书是否已经更新到期时间及查看平台是否能正常访问。 #注意：如上教程仅仅适用于Rancher版本\>=2.3.x #Rancher版本\<=2.2，证书存储位置在：/var/lib/rancher/management-state/tls/ 下，操作方法一致。

Rancher证书到期致使平台无法浏览故障解决

关闭ntp同步，防止时间自动更新回来

修改节点时间