chrispytoes
Reputation: 1889
cert-manager letsencrypt issuing invalid certs
I followed this tutorial to serve a basic application using the NGINX Ingrss Controller, and cert-manager with letsencrypt.
I am able to visit the website, but the SSL certificate is broken, saying Issued By: (STAGING) Artificial Apricot R3.
This is my ClusterIssuer:
apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
name: letsencrypt-issuer
namespace: cert-manager
spec:
acme:
server: https://acme-staging-v02.api.letsencrypt.org/directory
email: [email protected]
privateKeySecretRef:
name: letsencrypt-issuer
solvers:
- http01:
ingress:
class: nginx
And the Ingress:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: my-app-ingress-dev
namespace: my-app
annotations:
cert-manager.io/cluster-issuer: letsencrypt-issuer
spec:
tls:
- secretName: echo-tls
hosts:
- my-app.example.com
rules:
- host: my-app.example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: my-app-dev
port:
number: 80
Upvotes: 5
Views: 4430
Answers (1)
coderanger
Reputation: 54211
LetsEncrypt staging is for testing, and does not issue certificates that are trusted by browsers. Use the production LE URL instead https://acme-v02.api.letsencrypt.org/directory
Upvotes: 15
Related Questions
- Cert-manager "remote error: tls: unrecognized name" errors
- Certificate issued by cert manager reads as "issued by: cert-manager.local" instead of Let's Encrypt and does not work
- kubernetes certs not working with let's encrypt cert-manager
- How to solve Cert-Manager letsencrypt issuer problem?
- cert-manager: let's encrypt refuses ACME account
- Lets Encrypt using Certbot fails in kubernetes (works with cert-manager though)
- Kubernetes cert-manager cannot access letsencrypt API server
- Can't get a TLS certificate in cert-manager
- Kubernetes cert-manager certificate generating error
- Kubernetes Let's Encrypt cert-manager Error secret not found