I set up a cluster issuer, certificate, and ingress under my Kubernetes environment and everything is working fine as per status, but when I am connecting to the host as per my ingress, it's giving me "Your connection is not private".
CluserterIssuer output lastlines;-
...
Conditions:
Last Transition Time: 2020-02-16T10:21:24Z
Message: The ACME account was registered with the ACME server
Reason: ACMEAccountRegistered
Status: True
Type: Ready
Events: <none>
Certificate output last lines :-
Status:
Conditions:
Last Transition Time: 2020-02-16T10:24:06Z
Message: Certificate is up to date and has not expired
Reason: Ready
Status: True
Type: Ready
Not After: 2020-05-14T09:24:05Z
Events: <none>Ingress file:-
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: b1-ingress # change me
namespace: b1
annotations:
kubernetes.io/ingress.class: "nginx"
kubernetes.io/tls-acme: "true"
cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
tls:
- hosts:
- '*.testing.example.com'
secretName: acme-crt
rules:
- host: flower.testing.example.com
http:
paths:
- backend:
serviceName: flower-service
servicePort: 5555
- host: hasura.testing.example.com
http:
paths:
- backend:
serviceName: hasura-service
servicePort: 80Based on cert menager documentation
certmanager.k8s.io/issuer - The Issuer must be in the same namespace as the Ingress resource.
As @me25 confirmed in comments
yes everything worked when I copied secret in to namespace: b1 – me25
The answer here was missing secret certificate in proper namespace.
The solution was to copy secret certificate to namespace: b1,same as the ingress.
Do you know any better way other than a copy secrets
This stackoverflow post provide few tricks about copying secret from one namespace to other.
Additional links: