Question 98073 in Nginx Question posted in
The official documentation can be found here.

kubectl get certificates : No resources found using cert-manager – Nginx

I don’t undestand why i can’t get certificates on K8S using cert-manager

  • I installed cert-manager : https://github.com/cert-manager/cert-manager/releases/download/v1.7.1/cert-manager.crds.yaml

  • I created ClusterIssuer

    apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-staging
spec:
  acme:
    email: [email protected]
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: example-issuer-account-key
    solvers:
    - http01:
        ingress:
          class: nginx

  • I created ingress

    apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: nginx
    cert-manager.io/cluster-issuer: letsencrypt-staging
spec:
  rules:
    - host: mytest.example.fr
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: webapp
                port:
                  number: 80
  tls:
    - hosts:
        - mytest.example.fr
      secretName: letsencrypt-staging

enter image description here

But when i try to get an certificate i get ‘no resources found’
enter image description here

Any idea ?

Thank you for your help

Tags:

2

Answers


  1. 0

    Certificates are not created automatically by cert-manager.
    You have to create a YAML yourself. And use the issuer name that you have already created

    apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: my-certificate
  namespace: default
spec:
  secretName: set-a-new-name-here
  issuerRef:
    name: letsencrypt-staging
    kind: ClusterIssuer
  commonName: mytest.example.fr
  dnsNames:
    - mytest.example.fr
    Login or Signup to reply.
  2. 0

    If you don’t want to create kind certificate you can use

    apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
  name: cluster-issuer-name
  namespace: development
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: [email protected]
    privateKeySecretRef:
      name: secret-name
    solvers:
    - http01:
        ingress:
          class: nginx-class-name
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: nginx-class-name
    cert-manager.io/cluster-issuer: cluster-issuer-name
    nginx.ingress.kubernetes.io/rewrite-target: /
  name: example-ingress
spec:
  rules:
  - host: sub.example.com
    http:
      .
      . #Path and service configs
      .
      .
  tls:
  - hosts:
    - sub.example.com
    secretName: secret-name

    ingress will call clusterisser and it will auto-create certificate for you.

    Update ingress resources as per need if you are higher version 1.18 or above

    Notes

    • Make sure you are using the URL https://acme-v02.api.letsencrypt.org/directory in clusterissue or else you will get fake certificate in browser.

    • For refrence you can read more here :
      https://stackoverflow.com/a/55183209/5525824

    • Make sure also you ingress pointing to proper clusterissuer if
      you have created new.

    • Also don’t use same privateKeySecretRef:name: secret-name you
      need to delete it or use the new name as fake certificate
      now stored in that secret so.

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search