K8s I hit the 100 domains limit

Hello,

Using Kubernetes to host multiple sites (different domains) with the same external IP, we ran into the 100 domains limit per certificate. Let's Encrypt generated one single certificate for all the domains.
I've spent quite some time searching the internet, but I cannot find a proper solution.

What I would like to do is to modify my "issuer.yaml" so that it generates a single certificate per domain, even if they all have the same public ip.

How may I do this?

Thanks,
Fred

No, Kubernetes (or Cert Manager, or Traefik, or whatever component you're using to get certificates) requested one single certificate for all the domains. Let's Encrypt did as requested.

That seems like a good solution.

Ask the Kubernetes folks?

5 Likes

This has nothing to do with IP addresses, but all with your ACME client configuration.

To help you further, we need more details from you:

As you're using k8s, what is your ACME client? Are you using cert-manager or something different?

What is your cluster ingress? Can you share the configuration?

4 Likes

@Nummer378 thanks for your answer, we're using cert-manager.

1 Like

Okay, that's a start. How are you issuing certificates via cert-manager? Are you using an ingress configuration? Perhaps something similar to this? Can you share more details about your configuration?

5 Likes

@Nummer378 Ok, I figured it out, in my ingress configuration I had only one "tls" config for all hosts, therefore cert-manager issued a single certificate for all of those hosts instead of a single certificate per host... Thanks for your help.

1 Like
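
The fix described in the last post, shown as an added example that is not part of the original thread: the same two sites configured first with one shared `tls` entry and then with one `tls` entry per host. Hostnames and the Issuer, Service and Secret names are assumptions.

```yaml
# Constructed example: hostnames and the Issuer, Service and Secret names are assumptions.
# BEFORE: a single tls entry covering every host. cert-manager requests ONE
# certificate with all hosts as SANs, which is what runs into the 100-name limit.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: sites-shared-cert
  annotations:
    cert-manager.io/issuer: letsencrypt-prod
spec:
  tls:
    - hosts: [site-a.example.com, site-b.example.com]   # grows with every new site
      secretName: all-sites-tls
  rules:
    - host: site-a.example.com
      http:
        paths:
          - {path: /, pathType: Prefix, backend: {service: {name: site-a, port: {number: 80}}}}
    - host: site-b.example.com
      http:
        paths:
          - {path: /, pathType: Prefix, backend: {service: {name: site-b, port: {number: 80}}}}
---
# AFTER: one tls entry per host, each with its own secretName. cert-manager
# creates one Certificate per tls entry, so every certificate carries one name
# and every site keeps its private key in a separate Secret.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: sites-per-host-cert
  annotations:
    cert-manager.io/issuer: letsencrypt-prod
spec:
  tls:
    - hosts: [site-a.example.com]
      secretName: site-a-tls
    - hosts: [site-b.example.com]
      secretName: site-b-tls
  rules:
    - host: site-a.example.com
      http:
        paths:
          - {path: /, pathType: Prefix, backend: {service: {name: site-a, port: {number: 80}}}}
    - host: site-b.example.com
      http:
        paths:
          - {path: /, pathType: Prefix, backend: {service: {name: site-b, port: {number: 80}}}}
```

After applying the second form, `kubectl get certificate` in the Ingress namespace should list one Certificate per `secretName`.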