0

I set up a cluster issuer, certificate, and ingress under my Kubernetes environment and everything is working fine as per status, but when I am connecting to the host as per my ingress, it's giving me "Your connection is not private".

ClusterIssuer output, last lines:

```
...
Conditions:
    Last Transition Time:  2020-02-16T10:21:24Z
    Message:               The ACME account was registered with the ACME server
    Reason:                ACMEAccountRegistered
    Status:                True
    Type:                  Ready
Events:                    <none>
```

Certificate output, last lines:

```
Status:
  Conditions:
    Last Transition Time:  2020-02-16T10:24:06Z
    Message:               Certificate is up to date and has not expired
    Reason:                Ready
    Status:                True
    Type:                  Ready
  Not After:               2020-05-14T09:24:05Z
Events:                    <none>
```

Ingress file:

```yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: b1-ingress  # change me
  namespace: b1
  annotations:
    kubernetes.io/ingress.class: "nginx"
    kubernetes.io/tls-acme: "true"
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
  tls:
  - hosts:
    - '*.testing.example.com'
    secretName: acme-crt
  rules:
  - host: flower.testing.example.com
    http:
      paths:
      - backend:
          serviceName: flower-service
          servicePort: 5555
  - host: hasura.testing.example.com
    http:
      paths:
      - backend:
          serviceName: hasura-service
          servicePort: 80
```

me25
  • Can you add cert-manager logs? Can you add clusterissuer/certificate yamls? Is the certificate secret in the same namespace as the ingress? – Jakub Apr 09 '20 at 12:47
  • No, the secret is in another namespace; I hope I need to copy it into this namespace. So do you know any better way other than a copy, so that all my new spaces have that secret? – me25 Apr 09 '20 at 17:12
  • So, when you moved secret to `namespace: b1` everything works? [There](https://stackoverflow.com/questions/46297949/kubernetes-sharing-secret-across-namespaces) are a few tricks about copying secret from one namespace to other. – Jakub Apr 10 '20 at 06:11
  • yes everything worked when I copied secret in to namespace: b1 – me25 Apr 14 '20 at 09:00

2 Answers

1

Based on the cert-manager documentation:

> certmanager.k8s.io/issuer - The Issuer must be in the same namespace as the Ingress resource.

As @me25 confirmed in the comments:

> yes everything worked when I copied secret in to namespace: b1 – me25

The answer here was the missing secret certificate in the proper namespace.

The solution was to copy the secret certificate to namespace: b1, the same as the ingress.

> Do you know any better way other than a copy secrets

This Stack Overflow post provides a few tricks for copying a secret from one namespace to another.

Jakub
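
An added example, not part of either answer: an offline lint for the failure confirmed above, where the Ingress in `b1` references a TLS secret that exists only in another namespace. The manifest values come from the question; the `other-ns` namespace, the secret inventory and the function names are constructed for illustration.

```python
# Added example: lint an Ingress for the two TLS mistakes relevant to this question.
# INGRESS mirrors the question's manifest; the secret inventories are constructed.
TLS_TYPE = "kubernetes.io/tls"

INGRESS = {
    "metadata": {"name": "b1-ingress", "namespace": "b1"},
    "spec": {
        "tls": [{"hosts": ["*.testing.example.com"], "secretName": "acme-crt"}],
        "rules": [{"host": "flower.testing.example.com"},
                  {"host": "hasura.testing.example.com"}],
    },
}
# (namespace, name, type) tuples; "other-ns" is a placeholder namespace name.
SECRETS_BEFORE = {("other-ns", "acme-crt", TLS_TYPE)}
SECRETS_AFTER = SECRETS_BEFORE | {("b1", "acme-crt", TLS_TYPE)}


def host_covered(host, pattern):
    """TLS wildcard rule: '*' matches exactly one leftmost DNS label."""
    host, pattern = host.lower(), pattern.lower()
    if pattern.startswith("*."):
        head, _, rest = host.partition(".")
        return bool(head) and rest == pattern[2:]
    return host == pattern


def lint_ingress_tls(ingress, secrets):
    """Return findings for secrets outside the Ingress namespace and uncovered hosts."""
    ns = ingress["metadata"].get("namespace", "default")
    tls_entries = ingress["spec"].get("tls", [])
    findings = []
    for entry in tls_entries:
        name = entry.get("secretName")
        # An Ingress can only reference a Secret in its own namespace.
        if (ns, name, TLS_TYPE) not in secrets:
            elsewhere = sorted(s_ns for s_ns, s_name, _ in secrets
                               if s_name == name and s_ns != ns)
            hint = f" (found in: {', '.join(elsewhere)})" if elsewhere else ""
            findings.append(f"secret {name!r} missing from namespace {ns!r}{hint}")
    patterns = [h for e in tls_entries for h in e.get("hosts", [])]
    for rule in ingress["spec"].get("rules", []):
        host = rule.get("host")
        if host and not any(host_covered(host, p) for p in patterns):
            findings.append(f"host {host!r} not covered by any tls.hosts entry")
    return findings


if __name__ == "__main__":
    for label, inventory in (("before copy", SECRETS_BEFORE), ("after copy", SECRETS_AFTER)):
        print(label, lint_ingress_tls(INGRESS, inventory) or "ok")
```
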
1

The nginx server is using self-signed certificates and Chrome does not trust that. Usually when you click on the "Advanced" tab, you should have an option that says "trust this website" or something like that, and the nginx server config does not show that. The solution is to just type this on the keyboard:

"thisisunsafe"

and the error message will be gone.

Yilmaz