I am using following document to implement https on kubernetes deployed application : https://docs.microsoft.com/en-us/azure/aks/ingress-tls
I am getting "Certificate does not exist" . i have used cluster issuer and "letsencrypt-prod" . i have following certificates :
acme-crt
acme-crt-secret
cert-mgr-webhook-ca
cert-mgr-webhook-webhook-tls
tls-secret
why i am getting "certificate does not exist" when i describe certificate ?
`Name: acme-crt-secret
Namespace: <name-space>
Labels: <none>
Annotations: <none>
API Version: certmanager.k8s.io/v1alpha1
Kind: Certificate
Metadata:
Creation Timestamp: 2019-07-19T07:41:46Z
Generation: 2
Owner References:
API Version: extensions/v1beta1
Block Owner Deletion: true
Controller: true
Kind: Ingress
Name: starc
UID: <Id>
Resource Version: <version>
Self Link: /apis/certmanager.k8s.io/v1alpha1/namespaces/<name-space>/certificates/acme-crt-secret
UID: <Uid>
Spec:
Acme:
Config:
Domains:
starcapp.com
Http 01:
Ingress:
Ingress Class: nginx
Dns Names:
starcapp.com
Issuer Ref:
Kind: ClusterIssuer
Name: letsencrypt-prod
Secret Name: acme-crt-secret
Status:
Conditions:
Last Transition Time: 2019-07-19T07:41:46Z
Message: Certificate does not exist
Reason: NotFound
Status: False
Type: Ready
Events: <none>`Try to specify namespace in your certificate configuration file.
Look at example ertificate configuration file:
apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
name: tls-secretnamespace: ingress-basic
spec:
secretName: tls-secret-staging
dnsNames:
- demo-aks-ingress.eastus.cloudapp.azure.com
acme:
config:
- http01:
ingressClass: nginx
domains:
- demo-aks-ingress.eastus.cloudapp.azure.com
issuerRef:
name: letsencrypt-staging
kind: ClusterIssuerThen exec command:
$ kubectl apply -f your-certificate-filename.yamlMake sure the secret is in the cert-manager namespace.
Create a certificate manual as well. Once you 'forced' cert-manager to create a certificate, he was good to go en auto created certificates as well.