K3s: Remote kubectl x509: certificate is valid for 127.0.0.1

Created on 4 Feb 2020 · 5 Comments · Source: k3s-io/k3s

Version:
k3s version v1.17.2+k3s1 (cdab19b0)
kubectl v1.17.2

Describe the bug
I just did a fresh k3s install, and it's working fine locally.
And I'm trying to connect the server remotely.
I made a local copy of the k3s.yaml and updated the server IP.

But when I run kubectl get all I get the following error:
Unable to connect to the server: x509: certificate is valid for 10.43.0.1, 127.0.0.1, not [remote ip]

Thanks for your help.

All 5 comments

Did you note the --tls-san option? You can use this to add additional hostnames that the cert is valid for.

   --tls-san value                            (listener) Add additional hostname or IP as a Subject Alternative Name in the TLS cert

https://rancher.com/docs/k3s/latest/en/installation/install-options/#registration-options-for-the-k3s-server

Thanks,
Is that a new option? I never had to use that before.
Should I put it directly inside the systemd file, or somewhere else?

By default it seems to add a bunch of SANs, including one for the eth0 address. Did you pass it any odd arguments that might have changed that?

X509v3 Subject Alternative Name:
    DNS:kubernetes, DNS:kubernetes.default, DNS:kubernetes.default.svc.cluster.local, DNS:localhost, IP Address:10.0.1.20, IP Address:10.43.0.1, IP Address:127.0.0.1

If you want to change it, I think you need to reinstall from scratch since it only generates the certificate on initial startup or when it's about to expire.

Thanks, it's working now:
I reinstalled using
curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC="--tls-san x.x.x.x" sh -s -

To give a little more context, the server is a Scaleway cloud instance.
The public IP is external, it doesn't show up on ifconfig. That's probably why it's not added during the default install.

But what I don't understand is that I have an older cloud instance, where I installed k3s a few months ago, and didn't have to do that.

Anyway. Thanks again.

Thanks a lot for the snippet! That helped a lot!
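
The check behind the error in this thread, written out as an added example (not part of the original issue and not k3s code): given the SAN line of the API server certificate and the `server:` URL from a copied k3s.yaml, it reports whether the address is covered or needs `--tls-san`. The function names `server_host` and `san_covers` are hypothetical, the address 203.0.113.10 is a constructed placeholder, and only IPv4 addresses and hostnames are handled.

```shell
#!/bin/sh
# Added example, not k3s code. To read the SAN line from a live server
# (HOST is a placeholder):
#   openssl s_client -connect HOST:6443 </dev/null 2>/dev/null |
#     openssl x509 -noout -text | grep -A1 'Subject Alternative Name'

# Constructed sample: the SAN line quoted in the thread.
SAMPLE_SANS='DNS:kubernetes, DNS:kubernetes.default, DNS:kubernetes.default.svc.cluster.local, DNS:localhost, IP Address:10.0.1.20, IP Address:10.43.0.1, IP Address:127.0.0.1'

# server_host URL: print the host part of a kubeconfig "server:" URL.
server_host() {
  _h=${1#*://}; _h=${_h%%/*}; _h=${_h%:*}
  printf '%s\n' "$_h"
}

# san_covers SANS HOST: return 0 if HOST is covered by the SAN list.
san_covers() {
  _host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
  [ -n "$_host" ] || return 1
  # An IP literal is compared only with "IP Address" entries,
  # a hostname only with DNS entries.
  case $_host in
    *[!0-9.]*) _kind=DNS ;;
    *) _kind='IP Address' ;;
  esac
  _rest="$1,"
  while [ -n "$_rest" ]; do
    _entry=${_rest%%,*}; _rest=${_rest#*,}
    _entry=${_entry#"${_entry%%[! ]*}"}   # trim leading spaces
    _entry=${_entry%"${_entry##*[! ]}"}   # trim trailing spaces
    case $_entry in
      "$_kind:"*) _value=${_entry#"$_kind:"} ;;
      *) continue ;;
    esac
    _value=$(printf '%s' "$_value" | tr 'A-Z' 'a-z')
    [ "$_value" = "$_host" ] && return 0
    # A wildcard DNS entry covers exactly one leftmost label.
    case $_kind:$_value in
      'DNS:*.'*) case $_host in
        [!.]*.*) [ "${_host#*.}" = "${_value#??}" ] && return 0 ;;
      esac ;;
    esac
  done
  return 1
}

# Demo: the local address is covered, the constructed public one is not.
for _srv in https://127.0.0.1:6443 https://203.0.113.10:6443; do
  if san_covers "$SAMPLE_SANS" "$(server_host "$_srv")"; then
    echo "$_srv: covered"
  else
    echo "$_srv: not in SAN list, needs --tls-san $(server_host "$_srv")"
  fi
done
```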
