acme 登台环境显示无效证书
acme staging environment shows invalid certificate
我创建了一个 staging environment with cert-manager 如下:
---
apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
name: letsencrypt-staging
spec:
acme:
email: stage@example.io
server: https://acme-staging-v02.api.letsencrypt.org/directory
privateKeySecretRef:
name: privateKeySecretRef
solvers:
- dns01:
digitalocean:
tokenSecretRef:
name: digitalocean-dns
key: access-token
selector:
dnsNames:
- "*.dev.svc.databaker.io"
- "*.stage.svc.databaker.io"
---
并为通配符域创建了证书 *.dev.svc.databaker.io
:
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
name: dev-cert-staging
namespace: dev
spec:
secretName: secretName
issuerRef:
name: letsencrypt-staging
kind: ClusterIssuer
commonName: "*.dev.svc.databaker.io"
dnsNames:
- "*.dev.svc.databaker.io"
最后,一个入口对象:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
annotations:
cert-manager.io/cluster-issuer: letsencrypt-staging
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: "true"
name: dashboard
namespace: dev
spec:
rules:
- host: dashboard.dev.svc.databaker.io
http:
paths:
- backend:
serviceName: dashboard
servicePort: 80
path: /
tls:
- hosts:
- '*.dev.svc.databaker.io'
secretName: secretName
当我调用页面 https://dashboard.dev.svc.databaker.io/ 时,它显示:
问题是,如果是正确的,它显示的证书无效?
没错,staging是为了测试证书的创建,对证书问题的限制很高
即使您的开发环境也可以使用生产证书颁发者,但它是有限的,因此请确保您没有乱发证书。
我创建了一个 staging environment with cert-manager 如下:
---
apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
name: letsencrypt-staging
spec:
acme:
email: stage@example.io
server: https://acme-staging-v02.api.letsencrypt.org/directory
privateKeySecretRef:
name: privateKeySecretRef
solvers:
- dns01:
digitalocean:
tokenSecretRef:
name: digitalocean-dns
key: access-token
selector:
dnsNames:
- "*.dev.svc.databaker.io"
- "*.stage.svc.databaker.io"
---
并为通配符域创建了证书 *.dev.svc.databaker.io
:
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
name: dev-cert-staging
namespace: dev
spec:
secretName: secretName
issuerRef:
name: letsencrypt-staging
kind: ClusterIssuer
commonName: "*.dev.svc.databaker.io"
dnsNames:
- "*.dev.svc.databaker.io"
最后,一个入口对象:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
annotations:
cert-manager.io/cluster-issuer: letsencrypt-staging
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: "true"
name: dashboard
namespace: dev
spec:
rules:
- host: dashboard.dev.svc.databaker.io
http:
paths:
- backend:
serviceName: dashboard
servicePort: 80
path: /
tls:
- hosts:
- '*.dev.svc.databaker.io'
secretName: secretName
当我调用页面 https://dashboard.dev.svc.databaker.io/ 时,它显示:
问题是,如果是正确的,它显示的证书无效?
没错,staging是为了测试证书的创建,对证书问题的限制很高
即使您的开发环境也可以使用生产证书颁发者,但它是有限的,因此请确保您没有乱发证书。