Ingress nginx cert-manager 证书在浏览器上无效
[英]Ingress nginx cert-manager certificate invalid on browser
问题描述
I am experiencing a rather weird issue and have been stuck on this for 2 days.
我遇到了一个相当奇怪的问题,并且已经坚持了 2 天。 I have a kubernetes cluster running nginx-ingress and cert-manager.我有一个运行 nginx-ingress 和 cert-manager 的 kubernetes 集群。 Everything seems to be working fine though when visiting my website through HTTPS, it gives the following error (in chromium edge):尽管通过 HTTPS 访问我的网站时,一切似乎都运行良好,但出现以下错误(在 Chromium 边缘):
NET::ERR_CERT_AUTHORITY_INVALID
If I continue anyways, it loads the site normally but without the certificate.如果我继续,它会正常加载站点但没有证书。
The certificate is properly being given, secret created, no errors anywhere.正确提供证书,创建秘密,任何地方都没有错误。
I have the following annotations in my ingress resource:我的入口资源中有以下注释:
kubernetes.io/ingress.class: "nginx"
kubernetes.io/tls-acme: "true"
cert-manager.io/cluster-issuer: "letsencrypt-production"
ingress.kubernetes.io/ssl-redirect: "true"
My cluster issuer:我的集群发行者:
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-production
spec:
acme:
# The ACME production api URL
server: https://acme-staging-v02.api.letsencrypt.org/directory
# Email address used for ACME registration
email: *********
# Name of a secret used to store the ACME account private key
privateKeySecretRef:
name: letsencrypt-production
# Enable the HTTP-01 challenge provider
solvers:
- http01:
ingress:
class: nginx
The certificate resource returns:证书资源返回:
Normal Issuing 108s cert-manager The certificate has been successfully issued
I am relatively new to kubernetes so let me know if there are any other debugging steps I can take.我对 kubernetes 比较陌生,所以如果我可以采取任何其他调试步骤,请告诉我。
1 个解决方案
解决方案1
3 已采纳 2020-10-26 16:50:33
You are using acme staging server: https://acme-staging-v02.api.letsencrypt.org/directory server which does not provide valid certificate.您正在使用 acme 登台server: https://acme-staging-v02.api.letsencrypt.org/directory服务器,该服务器未提供有效证书。 To get valid certificate you have to use acme production server server: https://acme-v02.api.letsencrypt.org/directory .要获得有效证书,您必须使用 acme 生产服务器server: https://acme-v02.api.letsencrypt.org/directory 。 you can try this.你可以试试这个。
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-production
spec:
acme:
# The ACME production api URL
server: https://acme-v02.api.letsencrypt.org/directory
# Email address used for ACME registration
email: *********
# Name of a secret used to store the ACME account private key
privateKeySecretRef:
name: letsencrypt-production
# Enable the HTTP-01 challenge provider
solvers:
- http01:
ingress:
class: nginx
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.