证书管理器 letsencrypt 颁发无效证书
cert-manager letsencrypt issuing invalid certs
我跟随 this tutorial 使用 NGINX Ingrss 控制器和带有 letsencrypt 的证书管理器为基本应用程序提供服务。
我可以访问该网站,但 SSL 证书已损坏,显示 Issued By: (STAGING) Artificial Apricot R3
。
这是我的 ClusterIssuer
:
apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
name: letsencrypt-issuer
namespace: cert-manager
spec:
acme:
server: https://acme-staging-v02.api.letsencrypt.org/directory
email: my-email@example.com
privateKeySecretRef:
name: letsencrypt-issuer
solvers:
- http01:
ingress:
class: nginx
和 Ingress
:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: my-app-ingress-dev
namespace: my-app
annotations:
cert-manager.io/cluster-issuer: letsencrypt-issuer
spec:
tls:
- secretName: echo-tls
hosts:
- my-app.example.com
rules:
- host: my-app.example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: my-app-dev
port:
number: 80
LetsEncrypt 暂存用于测试,不颁发浏览器信任的证书。使用生产 LE URL 而不是 https://acme-v02.api.letsencrypt.org/directory
我跟随 this tutorial 使用 NGINX Ingrss 控制器和带有 letsencrypt 的证书管理器为基本应用程序提供服务。
我可以访问该网站,但 SSL 证书已损坏,显示 Issued By: (STAGING) Artificial Apricot R3
。
这是我的 ClusterIssuer
:
apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
name: letsencrypt-issuer
namespace: cert-manager
spec:
acme:
server: https://acme-staging-v02.api.letsencrypt.org/directory
email: my-email@example.com
privateKeySecretRef:
name: letsencrypt-issuer
solvers:
- http01:
ingress:
class: nginx
和 Ingress
:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: my-app-ingress-dev
namespace: my-app
annotations:
cert-manager.io/cluster-issuer: letsencrypt-issuer
spec:
tls:
- secretName: echo-tls
hosts:
- my-app.example.com
rules:
- host: my-app.example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: my-app-dev
port:
number: 80
LetsEncrypt 暂存用于测试,不颁发浏览器信任的证书。使用生产 LE URL 而不是 https://acme-v02.api.letsencrypt.org/directory