入口 nginx 证书管理器证书在浏览器上无效
Ingress nginx cert-manager certificate invalid on browser
我遇到了一个相当奇怪的问题,并且已经在这个问题上停留了 2 天。我有一个 kubernetes 集群 运行 nginx-ingress 和 cert-manager。尽管通过 HTTPS 访问我的网站时,一切似乎都运行良好,但出现以下错误(在 chromium edge 中):
NET::ERR_CERT_AUTHORITY_INVALID
如果我仍然继续,它会正常加载网站,但没有证书。
证书已正确提供,秘密已创建,任何地方都没有错误。
我的入口资源中有以下注释:
kubernetes.io/ingress.class: "nginx"
kubernetes.io/tls-acme: "true"
cert-manager.io/cluster-issuer: "letsencrypt-production"
ingress.kubernetes.io/ssl-redirect: "true"
我的集群发行者:
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-production
spec:
acme:
# The ACME production api URL
server: https://acme-staging-v02.api.letsencrypt.org/directory
# Email address used for ACME registration
email: *********
# Name of a secret used to store the ACME account private key
privateKeySecretRef:
name: letsencrypt-production
# Enable the HTTP-01 challenge provider
solvers:
- http01:
ingress:
class: nginx
证书资源returns:
Normal Issuing 108s cert-manager The certificate has been successfully issued
我对 kubernetes 比较陌生,所以如果我可以采取任何其他调试步骤,请告诉我。
您正在使用未提供有效证书的 acme staging server: https://acme-staging-v02.api.letsencrypt.org/directory 服务器。
要获得有效证书,您必须使用 acme 生产服务器 server: https://acme-v02.api.letsencrypt.org/directory。
你可以试试这个。
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-production
spec:
acme:
# The ACME production api URL
server: https://acme-v02.api.letsencrypt.org/directory
# Email address used for ACME registration
email: *********
# Name of a secret used to store the ACME account private key
privateKeySecretRef:
name: letsencrypt-production
# Enable the HTTP-01 challenge provider
solvers:
- http01:
ingress:
class: nginx
我遇到了一个相当奇怪的问题,并且已经在这个问题上停留了 2 天。我有一个 kubernetes 集群 运行 nginx-ingress 和 cert-manager。尽管通过 HTTPS 访问我的网站时,一切似乎都运行良好,但出现以下错误(在 chromium edge 中):
NET::ERR_CERT_AUTHORITY_INVALID
如果我仍然继续,它会正常加载网站,但没有证书。
证书已正确提供,秘密已创建,任何地方都没有错误。
我的入口资源中有以下注释:
kubernetes.io/ingress.class: "nginx"
kubernetes.io/tls-acme: "true"
cert-manager.io/cluster-issuer: "letsencrypt-production"
ingress.kubernetes.io/ssl-redirect: "true"
我的集群发行者:
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-production
spec:
acme:
# The ACME production api URL
server: https://acme-staging-v02.api.letsencrypt.org/directory
# Email address used for ACME registration
email: *********
# Name of a secret used to store the ACME account private key
privateKeySecretRef:
name: letsencrypt-production
# Enable the HTTP-01 challenge provider
solvers:
- http01:
ingress:
class: nginx
证书资源returns:
Normal Issuing 108s cert-manager The certificate has been successfully issued
我对 kubernetes 比较陌生,所以如果我可以采取任何其他调试步骤,请告诉我。
您正在使用未提供有效证书的 acme staging server: https://acme-staging-v02.api.letsencrypt.org/directory 服务器。
要获得有效证书,您必须使用 acme 生产服务器 server: https://acme-v02.api.letsencrypt.org/directory。
你可以试试这个。
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-production
spec:
acme:
# The ACME production api URL
server: https://acme-v02.api.letsencrypt.org/directory
# Email address used for ACME registration
email: *********
# Name of a secret used to store the ACME account private key
privateKeySecretRef:
name: letsencrypt-production
# Enable the HTTP-01 challenge provider
solvers:
- http01:
ingress:
class: nginx