Couldn't validate certificates for *.*.compute internal hostnames in AWS

10/12/2018

I've created a K8S cluster in AWS and generated certificates for each component, and they can connect to each other. But while I'm trying to get logs or install an application via Helm, I'm getting the error below:

$ helm install ./.helm
Error: forwarding ports: error upgrading connection: error dialing backend: x509: certificate is valid for bla-bla-bla.eu-central-1.elb.amazonaws.com, worker-node, .*.compute.internal, *.*.compute.internal, *.ec2.internal, bla-bla-bla.eu-central-1.elb.amazonaws.com, not ip-172-20-74-98.eu-central-1.compute.internal

And my certificate is:

X509v3 Subject Alternative Name:
DNS:bla-bla-bla.eu-central-1.elb.amazonaws.com, DNS:worker-node, DNS:.*.compute.internal, DNS:*.*.compute.internal, DNS:*.ec2.internal, DNS:bla-bla-bla.eu-central-1.elb.amazonaws.com, IP Address:172.20.32.10, IP Address:172.20.64.10, IP Address:172.20.96.10

Thanks for your help. Best,

-- Muhammet Arslan
amazon-web-services
kubernetes
kubernetes-helm

1 Answer

10/12/2018

Wildcard certificates can only be used for a single segment of DNS names. You will need a certificate valid for ip-172-20-74-98.eu-central-1.compute.internal or *.eu-central-1.compute.internal.

-- Jordan Liggitt
Source: StackOverflow
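
The single-segment rule from the answer can be reproduced offline with Go's crypto/x509, the library that produced the error in the question. This is an added example, not code from the original post: the helper names `verifies` and `deadWildcards` are hypothetical, and the SAN list and node name are copied from the question.

```go
package main

import (
	"crypto/x509"
	"fmt"
	"strings"
)

// pageSANs are the DNS SANs shown in the question's certificate.
var pageSANs = []string{
	"bla-bla-bla.eu-central-1.elb.amazonaws.com", "worker-node",
	".*.compute.internal", "*.*.compute.internal", "*.ec2.internal",
}

// verifies reports whether Go's crypto/x509 accepts host for a certificate
// carrying the given DNS SANs (hypothetical helper for this example).
func verifies(sans []string, host string) bool {
	cert := &x509.Certificate{DNSNames: sans}
	return cert.VerifyHostname(host) == nil
}

// deadWildcards returns SAN entries whose "*" is not the entire leftmost
// label; Go's verifier never treats such entries as wildcards.
func deadWildcards(sans []string) []string {
	var bad []string
	for _, s := range sans {
		for i, label := range strings.Split(s, ".") {
			if strings.Contains(label, "*") && (i > 0 || label != "*") {
				bad = append(bad, s)
				break
			}
		}
	}
	return bad
}

func main() {
	node := "ip-172-20-74-98.eu-central-1.compute.internal"
	fmt.Println("question's SANs accept node:", verifies(pageSANs, node))
	fmt.Println("entries that never match as wildcards:", deadWildcards(pageSANs))
	// Add the single-label wildcard suggested in the answer.
	fixed := append([]string{"*.eu-central-1.compute.internal"}, pageSANs...)
	fmt.Println("with the answer's SAN added:", verifies(fixed, node))
}
```

Running `deadWildcards` over a SAN list before signing catches entries like `*.*.compute.internal` that look permissive but match no hostname.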