I am trying to run microk8s on my local server and host Nextcloud in it. While hosting Nextcloud itself works, the part with ingress is becoming a pain in my neck. I ran into HSTS problems and can't figure out why my self-signed certificate won't be accepted. To create the certificate I used cert-manager.
Steps that I have done:

1. Create the issuer

```yaml
apiVersion: cert-manager.io/v1alpha2
kind: Issuer
metadata:
  name: nc-issuer
spec:
  selfSigned: {}
```

```yaml
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
  name: nc-tls
spec:
  secretName: nc-tls
  dnsNames:
    - "*.nextcloud.svc.cluster.local"
    - "*.nextcloud"
    - "ingress.local"
    - "nc.local.dev"
  issuerRef:
    name: nc-issuer
```
```
kubectl get secret -n nextcloud
NAME     TYPE                DATA   AGE
nc-tls   kubernetes.io/tls   3      13d
```
```
openssl x509 -in <(kubectl -n nextcloud get secret \
  nc-tls -o jsonpath='{.data.tls\.crt}' | base64 -d) \
  -text -noout
```
results with:
```
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:09:12:0e:1e:...
        Signature Algorithm: sha256WithRSAEncryption
        Issuer:
        Validity
            Not Before: Nov  7 08:52:54 2020 GMT
            Not After : Feb  5 08:52:54 2021 GMT
        Subject:
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:99:ab:46:9c:bb:07:32:0e:45:e4:58:a2:7e:
                    53:03:c9:5b:57:2a:e6:6c:72:98:71:e1:6b:1a:ad:
                    a5:c7:e0:b9:c6:71:f5:9e:d8:7e:71:f6:29:0e:c0:
                    68:ba:0d:09:5d:85:93:ee:7e:b7:88:7c:06:71:23:
                    22:23:0b:cf:c9:bd:9c:86:23:8b:65:e2:f5:28:87:
                    df:aa:16:47:93:92:59:62:ac:76:51:4a:a6:54:5a:
                    c4:da:d2:58:b4:dc:5a:a4:35:77:ee:64:4f:cd:1d:
                    a8:c5:96:86:5c:85:b0:ab:82:ae:77:78:2a:a0:06:
                    e4:b0:93:5f:e9:aa:25:91:...
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Alternative Name: critical
                DNS:*.nextcloud.svc.cluster.local, DNS:*.nextcloud, DNS:ingress.local, DNS:nc.local.dev
    Signature Algorithm: sha256WithRSAEncryption
         3b:f3:40:c4:7e:d4:e3:8c:ed:c8:37:a8:81:8d:89:ee:5d:e1:
         84:93:97:7b:81:ed:51:0d:3a:b4:50:ce:18:49:71:3e:fe:95:
         9b:f1:92:dd:7e:62:df:14:55:50:be:1a:69:e6:80:c7:1e:03:
         e9:a1:3a:1f:41:c5:9f:35:89:df:c5:46:29:a6:65:93:30:87:
         78:c4:54:9e:e2:7a:28:9d:56:f3:98:35:de:71:c5:b9:4b:91:
         91:2f:63:a2:ec:9f:f9:00:6f:...
```
You can find more information about that in this tutorial, which I followed: https://tech.paulcz.net/blog/creating-self-signed-certs-on-kubernetes/
Any ideas why the certificate won't be accepted?
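
As an added example (not part of the original post), the Python below reads the fields from the `openssl x509 -text` output above and reports, for a given hostname, which SAN entries cover it, whether a given time falls inside the validity window, and whether the certificate is self-issued. The names `CERT_TEXT`, `san_matches` and `check_host` are hypothetical, and the wildcard rule assumed is the usual one where `*` stands for exactly one left-most label.

```python
import re
from datetime import datetime, timezone

# Lines copied from the `openssl x509 -text` output in the post above.
CERT_TEXT = """\
        Issuer:
            Not Before: Nov  7 08:52:54 2020 GMT
            Not After : Feb  5 08:52:54 2021 GMT
        Subject:
                DNS:*.nextcloud.svc.cluster.local, DNS:*.nextcloud, DNS:ingress.local, DNS:nc.local.dev
"""

def _field(text, label):
    """Return the text after 'label:' on its own line (may be empty)."""
    m = re.search(rf"^[ \t]*{label}[ \t]*:[ \t]*(.*)$", text, re.MULTILINE)
    return m.group(1).strip() if m else None

def _time(text, label):
    """Parse an openssl validity timestamp such as 'Nov  7 08:52:54 2020 GMT'."""
    raw = " ".join(_field(text, label).replace("GMT", "").split())
    return datetime.strptime(raw, "%b %d %H:%M:%S %Y").replace(tzinfo=timezone.utc)

def san_matches(pattern, host):
    """A leading '*' covers exactly one label: '*.nextcloud' does not match
    'nextcloud' itself, nor 'a.b.nextcloud'."""
    p = pattern.lower().split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return h[0] != "" and p[1:] == h[1:]
    return p == h

def check_host(text, host, now):
    """Summarise what this certificate can and cannot vouch for."""
    sans = re.findall(r"DNS:([^,\s]+)", text)
    return {
        "covered_by": [s for s in sans if san_matches(s, host)],
        "in_validity_window": _time(text, "Not Before") <= now <= _time(text, "Not After"),
        # Issuer equal to Subject (both empty here): no CA vouches for this
        # certificate, so a client accepts it only if it trusts this exact cert.
        "self_issued": _field(text, "Issuer") == _field(text, "Subject"),
    }

if __name__ == "__main__":
    when = datetime(2020, 11, 20, tzinfo=timezone.utc)  # constructed check time
    for name in ("nc.local.dev", "cloud.nextcloud", "nextcloud"):
        print(name, check_host(CERT_TEXT, name, when))
```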