2.2版本的rancher证书过期，docker会频繁重启报错：

08:51:46.160121 I | http: TLS handshake error from 127.0.0.1:33140: remote error: tls: bad certificate
E0814 08:51:46.160212       6 reflector.go:134] k8s.io/client-go/informers/factory.go:127: Failed to list *v1.ReplicationController: Get https://localhost:6443/api/v1/replicationcontrollers?limit=500&resourceVersion=0: x509: certificate has expired or is not yet valid

解决方法如下：

关闭时间自动同步，将时间调整到稍早一些、还能正常使用的日期

# 关闭ntp同步，防止时间自动更新回来
timedatectl set-ntp false
# 修改节点时间
timedatectl set-time '2020-07-01 00:00:00'

通过docker ps|grep rancher命令，获得rancher的容器id，如xxx：

rancher_server_id=xxx

docker exec -ti ${rancher_server_id} mv /var/lib/rancher/management-state/tls/localhost.crt /var/lib/rancher/management-state/tls/localhost.crt-bak
docker exec -ti ${rancher_server_id} mv /var/lib/rancher/management-state/tls/localhost.key /var/lib/rancher/management-state/tls/localhost.key-bak
docker restart ${rancher_server_id}

重新开启时间同步，并同步到正常的日期，并重启rancher的容器：

timedatectl set-ntp yes //开启时间动态更新
ntpdate ntp3.aliyun.com
docker restart ${rancher_server_id}

重启后，就能看到rancher恢复正常了

参考：https://docs.rancher.cn/rancher2x/admin-manual/rotate-cert.html#%E8%AF%81%E4%B9%A6%E5%B7%B2%E8%BF%87%E6%9C%9F