I'm trying to use the certificates obtained through DigiCert to enable HTTPS on my nginx-ingress. We've obtained a wildcard certificate and I have the following files:

domain_name_2019-2021.csr
domain_name_2019-2021.key
domain_name_2019-2021.pem
DigiCertCA2_2019-2021.pem
star_domain_name_2019_2021.pem
TrustedRoot.pem

I've created the TLS secrets by running the following commands:

kubectl create secret tls tls-secret --key ${KEY_FILE} --cert ${CERT_FILE}

And used these secrets in my ingress configuration like so:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-service
  namespace: default
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
  tls:
    - hosts:
       - {{ .Values.host }}
      secretName: tls-secret
  rules:
    - host: {{ .Values.host }}
      http:
        paths:
          - path: /
            backend:
              serviceName: service_name
              servicePort: 443

However, when I browse to subdomain.domain_name.com I get an invalid certificate with an error of "This certificate has not been verified by a third party". And the certificate it's using says "Kubernetes Ingress Controller Fake Certificate".

Matthew The Terrible
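Added example, not part of the original question: pre-flight checks on the files passed as `${KEY_FILE}` and `${CERT_FILE}` before running `kubectl create secret tls`. The function names and the leaf/intermediate file roles are this example's assumptions; it needs `openssl` on the PATH.

```bash
#!/usr/bin/env bash
# Pre-flight checks for the files that go into a TLS secret.
# Which of your files is the leaf and which the intermediate is for you
# to confirm; the functions only take paths.

# Succeeds only if the private key belongs to the certificate. Compares the
# public key derived from each, so no private material is printed.
key_matches_cert() {       # $1 = key file, $2 = certificate file
  local from_key from_cert
  from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  from_cert=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$from_key" ] && [ "$from_key" = "$from_cert" ]
}

# Succeeds only if the certificate is valid for the host name the Ingress
# uses. A wildcard covers one label: *.example.test matches
# sub.example.test but not a.b.example.test.
cert_covers_host() {       # $1 = certificate file, $2 = host name
  openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
    grep -q 'does match certificate'
}

# Write leaf + intermediate into one file, leaf first, which is the order
# nginx expects. The extra newline and the blank-line filter keep the two
# PEM blocks from fusing when the leaf file has no trailing newline.
build_fullchain() {        # $1 = leaf, $2 = intermediate, $3 = output
  { cat "$1"; echo; cat "$2"; echo; } | sed '/^$/d' > "$3"
}

# Typical use (paths are placeholders):
#   key_matches_cert "$KEY_FILE" leaf.pem &&
#   cert_covers_host leaf.pem "$HOST" &&
#   build_fullchain leaf.pem intermediate.pem fullchain.pem &&
#   kubectl create secret tls tls-secret --key "$KEY_FILE" --cert fullchain.pem
```

The secret has to be created in the same namespace as the Ingress that references it.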

1 Answer

You can follow this to install Jetstack cert-manager. Once you have it installed, please follow this Stack Overflow post.

It will solve your query.

The current certificates created by you are not necessary for this. Here the certificate will be created automatically by Jetstack once it is able to get the ACME challenge verified; for that verification you need to map the DNS or hostname to the load balancer IP of nginx.

This should solve your purpose to get HTTP to HTTPS conversion.

Tushar Mahajan
  • While whatever you suggested would get OP free SSL certificates by Let's Encrypt, OP has already paid and obtained a wildcard certificate from DigiCert. Your suggestion doesn't help in adding the wildcard cert to OP's application. – Rajshri Mohan K S Apr 04 '22 at 16:17