It's not just a matter of making sure the DNS resolves to your API server node's IP address, it is that you generate the certificate with the subjectAltName by which you will be calling it. In the case of the documentation [here](https://coreos.com/kubernetes/docs/latest/openssl.html), this would be the MASTER_DNS_NAME (or MASTER_HOST) that needs to be set.... and then the cert generated. You will have to regenerate your apiserver's certificate.
On Fri, Jun 10, 2016 at 11:15 AM Gary Denner <[email protected]> wrote: > Thanks Seán, I did that, I pointed to the my domain that was created on > route53 in AWS but it still seems to say the Certificate is invalid for it, > anything I need to do to fix that? > > > On Friday, June 10, 2016 at 3:50:32 PM UTC+1, Gary Denner wrote: >> >> Folks >> >> Any idea how to fix this, we are running this script >> >> https://coreos.com/kubernetes/docs/latest/kubernetes-on-aws.html >> >> And all looks good, it provisions the stuff in AWS, sets up the security >> groups and all is good (so you think) >> >> then you run sudo /usr/local/bin/kubectl --kubeconfig=kubeconfig get >> nodes and it returns with Unable to connect to the server: x509: >> certificate is valid for kubernetes, kubernetes.default, >> kubernetes.default.svc, kubernetes.default.svc.cluster.local, >> kube-prod-dns, not kube.beta.mydomain.com? >> >> Any help much appreciated. >> >> >> >> -- Seán C McCord CyCore Systems, Inc +1 888 240 0308
