Trying to switch to prod cert, but it looks like staging

My domain is: ci.possumlab.com

I ran these commands; they are part of a script that does a full setup and teardown of a Kubernetes setup.
Full files (obfuscated some Azure IDs) at https://github.com/BasHamer/LetsEncryptAzure, easy link for test results: https://letsdebug.net/ci.possumlab.com/42755

```powershell
Write-Host "////// nginx-ingress"
# $staticIp is defined elsewhere in the full script (not shown here)
helm install stable/nginx-ingress --namespace kube-system `
    --set controller.service.loadBalancerIP="$($staticIp)" --set controller.nodeSelector."beta\.kubernetes\.io/os"=linux `
    --set defaultBackend.nodeSelector."beta\.kubernetes\.io/os"=linux --set controller.replicaCount=1 `
    --timeout 600 `
    --wait

Write-Host "////// cluster-issuer"
kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.8/deploy/manifests/00-crds.yaml
kubectl create namespace cert-manager
kubectl label namespace cert-manager certmanager.k8s.io/disable-validation=true

helm repo add jetstack https://charts.jetstack.io
helm repo update

helm install --name cert-manager `
    --namespace cert-manager `
    --version v0.8.0 `
    jetstack/cert-manager

kubectl apply -f cluster-issuer.yaml

Write-Host "////// routes"
kubectl apply -f "route.yaml"

Write-Host "////// certificates"
kubectl apply -f "certificates.yaml"
```

-------------------------------cluster-issuer.yaml-------------------------------
```yaml
apiVersion: certmanager.k8s.io/v1alpha1
kind: Issuer
metadata:
  name: letsencrypt-prod
  namespace: cert-manager
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: bas@possumlabs.com
    privateKeySecretRef:
      name: letsencrypt-prod
    http01: {}
```
-------------------------------route.yaml-------------------------------
```yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ci-ingress
  annotations:
    kubernetes.io/ingress.class: nginx
    certmanager.k8s.io/cluster-issuer: letsencrypt-prod
spec:
  tls:
  - hosts:
  - host: ci.possumlab.com
    http:
      paths:
      - path: /
        backend:
          serviceName: possum-lab-ci
          servicePort: 4446
```
-------------------------------certificates.yaml-------------------------------
```yaml
apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
  name: tls-secret
  namespace: cert-manager
spec:
  secretName: tls-secret-prod
  dnsNames:
  - ci.possumlab.com
  acme:
    config:
    - http01:
        ingressClass: nginx
      domains:
```

The operating system my web server runs on is (include version): kubernetes

My hosting provider, if applicable, is: Azure / kubernetes

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

Hi @BasHamer

Looks like your certificate creation doesn’t work. Checked via https://check-your-website.server-daten.de/?q=ci.possumlab.com#ct-logs - there is no certificate found.

Not via Certspotter, not via crt.sh.

And the certificate:

CN=Kubernetes Ingress Controller Fake Certificate, O=Acme Co (8959)
	06.06.2019
	05.06.2020
expires in 364 days	ingress.local - 1 entry

is a Kubernetes test certificate, not from the Let's Encrypt staging system.

1 Like

Thanks, that helps me a lot :slight_smile: back to the guides to find what I’ve missed.

The no errors was confusing me, now I know I have not actually turned it on yet.

1 Like

Got it, my namespaces were misaligned.

2 Likes
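A pre-apply check for the kind of namespace misalignment named in the last reply, as an added example that is not code from the thread or from cert-manager. It goes beyond the thread by checking three general rules: a `cluster-issuer` annotation needs a ClusterIssuer, an `issuer` annotation needs an Issuer in the Ingress's own namespace, and a Certificate's secret lands in the Certificate's namespace. `MANIFESTS` is constructed from the posted files as Python dicts (the shape of `kubectl get -o json` items); the Ingress `tls` entry is an assumed value because the posted route.yaml does not show it.

```python
# Constructed sample data modelled on the manifests in the question.
MANIFESTS = [
    {"kind": "Issuer",
     "metadata": {"name": "letsencrypt-prod", "namespace": "cert-manager"}},
    {"kind": "Ingress",
     "metadata": {"name": "ci-ingress", "annotations": {
         "certmanager.k8s.io/cluster-issuer": "letsencrypt-prod"}},
     # Assumed tls entry: hosts/secretName are not visible in the post.
     "spec": {"tls": [{"hosts": ["ci.possumlab.com"],
                       "secretName": "tls-secret-prod"}]}},
    {"kind": "Certificate",
     "metadata": {"name": "tls-secret", "namespace": "cert-manager"},
     "spec": {"secretName": "tls-secret-prod"}},
]
PREFIX = "certmanager.k8s.io/"

def ns(obj):
    # Namespaced objects without metadata.namespace land in "default".
    return obj["metadata"].get("namespace", "default")

def find(manifests, kind, name, namespace=None):
    # namespace=None skips the namespace test (ClusterIssuer is cluster-scoped).
    return [m for m in manifests
            if m["kind"] == kind and m["metadata"]["name"] == name
            and (namespace is None or ns(m) == namespace)]

def check_alignment(manifests):
    problems = []
    for ing in (m for m in manifests if m["kind"] == "Ingress"):
        name, ann = ing["metadata"]["name"], ing["metadata"].get("annotations", {})
        ci = ann.get(PREFIX + "cluster-issuer")
        if ci and not find(manifests, "ClusterIssuer", ci):
            problems.append(f"Ingress {name}: no ClusterIssuer named {ci}")
        iss = ann.get(PREFIX + "issuer")
        if iss and not find(manifests, "Issuer", iss, ns(ing)):
            problems.append(f"Ingress {name}: no Issuer {iss} in namespace {ns(ing)}")
        secrets = {t["secretName"] for t in ing.get("spec", {}).get("tls", [])
                   if t.get("secretName")}
        for cert in (m for m in manifests if m["kind"] == "Certificate"):
            # An Ingress can only read TLS secrets from its own namespace.
            if cert["spec"].get("secretName") in secrets and ns(cert) != ns(ing):
                problems.append(f"Ingress {name} ({ns(ing)}) expects secret "
                                f"{cert['spec']['secretName']}, but Certificate "
                                f"{cert['metadata']['name']} writes it in {ns(cert)}")
    return problems

if __name__ == "__main__":
    for p in check_alignment(MANIFESTS):
        print("MISALIGNED:", p)
```

When nothing issues a certificate into the secret the Ingress reads, nginx-ingress keeps serving its default "Kubernetes Ingress Controller Fake Certificate", which is what the check in the second post observed.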
