I have an ingress properly set up with a properly configured TLS secret (and the secret is correctly in the same namespace as the ingress) yet for some reason when browsing to the endpoint the nginx controller is utilizing the default "Fake Kubernetes Certificate" rather than the one from my configured and specified TLS secret. Why would this be happening?
Asked
Active
Viewed 107 times
1 Answers
0
After much digging I determined why this was happening to me and thought I would share with others.
I had been creating my certificate using Step CA. My ingress (and by extension my certificate) were set to work properly for two different hostnames. When creating the certificate I had specified one of the hostnames as the Subject of the TLS certificate and the other as a Subject Alternate Name (which I do think is a valid thing to do). For some reason though, for the hostname that was set as the Subject of the TLS cert, the Nginx controller was determining that the cert was not valid and so it was returning its default "Fake Kubernetes Certificate".
The solution was that I re-created the TLS certificate, and specified the Subject as a Subject and as a Subject Alternate Name along with the original SAN that I had already specified. Once both were listed as SANs, then the Nginx controller was able to properly identify my configured TLS cert as valid and began returning it correctly.
pooley1994
- 723
- 4
- 16