Letsencrypt Openssl verification failed kubectl

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: *.mevofit.com

I ran this command: certbot certonly --manual -d *.mevofit.com --agree-tos --no-bootstrap --manual-public-ip-logging-ok --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory

I generated the SSL certificate with this command and uploaded it to the nginx ingress controller with the following command:

# kubectl create secret tls mevofit-wildcard-ssl-certs --namespace mevofit --key privkey.pem --cert cert.pem

I used privkey.pem and cert.pem to generate the Kubernetes secret.

I am getting "openssl verification failed" in the backend application.

Hi @karamjitsingh, and welcome to the LE community forum :slight_smile:

I know little about kubernetes...
But I would try using the fullchain.pem file instead of the cert.pem file.
If that fails, check if the cert type is as expected [RSA vs ECDSA].
If that fails... we should wait for more experienced helpers.


I also don't know anything about kubernetes (and I want to keep it that way), but your site mevofit.com is serving an Amazon certificate chained up to the "Starfield Technologies, Inc." root certificate.


@rg305 I am able to fix the issue by using fullchain.pem instead of cert.pem
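A check for the failure resolved above, as an added example that is not part of the original thread: it reads the JSON printed by `kubectl get secret <name> -o json` and reports whether `tls.crt` holds only the leaf (certbot's cert.pem) or the leaf plus intermediates (fullchain.pem). The function names are hypothetical and the secret contents are constructed placeholders, not real certificates.

```python
import base64
import json
import re

PEM_CERT = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def split_pem_certs(pem: bytes) -> list:
    """Return the DER bytes of every CERTIFICATE block in a PEM bundle."""
    ders = []
    for body in PEM_CERT.findall(pem):
        der = base64.b64decode(b"".join(body.split()), validate=True)
        if not der.startswith(b"\x30"):  # a certificate is a DER SEQUENCE
            raise ValueError("PEM block is not a DER SEQUENCE")
        ders.append(der)
    return ders

def audit_tls_secret(secret_json: str) -> dict:
    """Inspect `kubectl get secret NAME -o json` output for a leaf-only tls.crt."""
    secret = json.loads(secret_json)
    if secret.get("type") != "kubernetes.io/tls":
        raise ValueError("not a kubernetes.io/tls secret")
    certs = split_pem_certs(base64.b64decode(secret["data"]["tls.crt"]))
    return {
        "name": secret["metadata"]["name"],
        "cert_count": len(certs),
        # Heuristic: one block is a bare leaf (cert.pem); two or more means
        # intermediates were bundled with it (fullchain.pem).
        "chain_included": len(certs) >= 2,
    }

def constructed_pem(n: int) -> bytes:
    """Constructed placeholder blocks: DER-looking bytes, not real certificates."""
    blocks = []
    for i in range(n):
        b64 = base64.encodebytes(b"\x30\x82\x01\x00" + bytes([i]) * 96)
        blocks.append(b"-----BEGIN CERTIFICATE-----\n" + b64 + b"-----END CERTIFICATE-----\n")
    return b"".join(blocks)

def constructed_secret(n_certs: int) -> str:
    """Constructed secret shaped like the output of `kubectl create secret tls`."""
    return json.dumps({
        "type": "kubernetes.io/tls",
        "metadata": {"name": "mevofit-wildcard-ssl-certs", "namespace": "mevofit"},
        "data": {"tls.crt": base64.b64encode(constructed_pem(n_certs)).decode()},
    })

if __name__ == "__main__":
    for label, n in (("cert.pem", 1), ("fullchain.pem", 2)):
        print(label, audit_tls_secret(constructed_secret(n)))
```

A secret reported with `chain_included` false leaves clients without the intermediate they need to build a path to a trusted root.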



Interesting. Didn't know that Amazon had a cross-sign (or two) from GoDaddy. :thinking:


No, we set this up for testing purposes. We are shifting the application to Kubernetes; the current live mevofit.com is still pointing to the AWS LB.

That comment was about Amazon's "root" certificate, not your certificate. :slightly_smiling_face:

