
I’m struggling to set up a Kubernetes secret using GoDaddy certs in order to use it with the Ingress Nginx controller in a Kubernetes cluster.

I know that GoDaddy isn’t the go-to place for that, but that’s not in my hands…

Here is what I tried (mainly based on this GitHub post):

I have a mail from GoDaddy with two files: generated-csr.txt and generated-private-key.txt.

Then I downloaded the cert package on GoDaddy’s website (I took the "Apache" server type, as it’s the recommended one for Nginx). The archive contains three files (with generated names): xxxx.crt and xxxx.pem (same content for both files, they represent the domain cert) and gd_bundle-g2-g1.crt (which is the intermediate cert).

Then I proceeded to concatenate the domain cert and the intermediate cert (let’s name it chain.crt) and tried to create a secret using these files with the following command:

kubectl create secret tls organization-tls --key generated-private-key.txt --cert chain.crt

And my struggle starts here, as it throws this error:

error: tls: failed to find any PEM data in key input

How can I fix this, or what am I missing?

Sorry to bother with something trivial like this, but it’s been two days and I’m really struggling to find proper documentation or an example that works for the Ingress Nginx use case…

Any help or hint is really welcome, thanks a lot to you!

2 Answers


  1. This is a Community Wiki answer, posted for better visibility, so feel free to edit it and add any additional details you consider important.

    As OP mentioned in the comments, the issue was solved by adding a new line at the beginning of the file.

    "The key wasn’t formatted correctly as it was lacking a newline in the
    beginning of the file. So this particular problem is now resolved."

    A similar issue was also addressed in this answer.

  2. The issue is tricky but easy to fix.

    The private key file given by GoDaddy is not properly encoded: it is encoded in UTF8 with BOM, so it starts with a byte that shouldn’t be there. It is not understood by nginx ingress when ingesting the private key, and leads to the error.

    The simple fix is to run the following command to properly encode the private key file:

    iconv -c -f UTF8 -t ASCII generated-private-key.txt > generated-private-key-anssi.txt
    

    And then you get the base64 private key as usual:

    cat generated-private-key-anssi.txt | base64 -w 0
    

    Now, the ingress properly gets the ssl certificate. In case you need to see the logs of the ingress to see how the CERT is processed, just list pods & logs in the ingress-nginx namespace.

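
Added example, not part of either answer above: a check for the UTF-8 BOM described in the second answer that removes only those three leading bytes and then confirms the file begins with a PEM header, rather than dropping every non-ASCII byte as `iconv -c` does. The function names are hypothetical and the key file is a constructed placeholder, not a real key.

```bash
#!/usr/bin/env bash
# Added example: detect and strip a UTF-8 BOM in front of a PEM private key.
# Function names are hypothetical; the key below is a constructed placeholder.

# has_bom FILE: succeeds if FILE starts with the UTF-8 BOM bytes EF BB BF.
has_bom() {
    [ "$(head -c 3 "$1" | od -An -tx1 | tr -d ' \n')" = "efbbbf" ]
}

# pem_starts_clean FILE: succeeds if the very first bytes are a PEM header.
pem_starts_clean() {
    [ "$(head -c 11 "$1")" = "-----BEGIN " ]
}

# normalize_key IN OUT: copy IN to OUT, dropping only a leading BOM.
normalize_key() {
    if has_bom "$1"; then
        tail -c +4 "$1" > "$2"   # skip the 3 BOM bytes, keep the rest intact
    else
        cat "$1" > "$2"
    fi
    pem_starts_clean "$2"        # non-zero exit if OUT still is not clean PEM
}

# Demo on a constructed file (not a real key): BOM + PEM-shaped text.
demo_dir=$(mktemp -d)
printf '\357\273\277-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n' \
    > "$demo_dir/generated-private-key.txt"

if has_bom "$demo_dir/generated-private-key.txt"; then
    echo "BOM found: first bytes are $(head -c 3 "$demo_dir/generated-private-key.txt" | od -An -tx1)"
fi
if normalize_key "$demo_dir/generated-private-key.txt" "$demo_dir/key.pem"; then
    echo "key.pem now starts with: $(head -n 1 "$demo_dir/key.pem")"
fi
rm -rf "$demo_dir"
```

The normalized file can then be passed as `--key` to the `kubectl create secret tls` command from the question.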