Mic*_*aes 1 kubernetes kubernetes-ingress cert-manager nginx-ingress
我遇到了一个相当奇怪的问题,并且已经被困在这个问题上两天了。我有一个运行 nginx-ingress 和 cert-manager 的 kubernetes 集群。一切似乎都工作正常,但当通过 HTTPS 访问我的网站时,它给出以下错误(在 chromium Edge 中):
NET::ERR_CERT_AUTHORITY_INVALID
如果我继续,它会正常加载网站,但没有证书。
证书已正确给出,秘密已创建,任何地方都没有错误。
我的入口资源中有以下注释:
kubernetes.io/ingress.class: "nginx"
kubernetes.io/tls-acme: "true"
cert-manager.io/cluster-issuer: "letsencrypt-production"
ingress.kubernetes.io/ssl-redirect: "true"
我的集群发行者:
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-production
spec:
acme:
# The ACME production api URL
server: https://acme-staging-v02.api.letsencrypt.org/directory
# Email address used for ACME registration
email: *********
# Name of a secret used to store the ACME account private key
privateKeySecretRef:
name: letsencrypt-production
# Enable the HTTP-01 challenge provider
solvers:
- http01:
ingress:
class: nginx
证书资源返回:
Normal Issuing 108s cert-manager The certificate has been successfully issued
我对 kubernetes 比较陌生,所以请告诉我是否可以采取任何其他调试步骤。
您使用的 acme stagingserver: https://acme-staging-v02.api.letsencrypt.org/directory服务器不提供有效的证书。要获得有效的证书,您必须使用 acme 生产服务器 server: https://acme-v02.api.letsencrypt.org/directory。你可以试试这个。
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-production
spec:
acme:
# The ACME production api URL
server: https://acme-v02.api.letsencrypt.org/directory
# Email address used for ACME registration
email: *********
# Name of a secret used to store the ACME account private key
privateKeySecretRef:
name: letsencrypt-production
# Enable the HTTP-01 challenge provider
solvers:
- http01:
ingress:
class: nginx
| 归档时间: |
|
| 查看次数: |
2451 次 |
| 最近记录: |