HTTPS certificate (Alternative to Let’s Encrypt)

Let’s Encrypt normally handles certificate generation automatically, but in some cases manual configuration is preferred. Let’s Encrypt will fail to generate a valid certificate if the server is not exposed on a public IP address or if the DNS records do not point to the right place. To create the certificate manually, you will need the following information:

Variable    Definition
NAME        The helm instance name (can be obtained using helm ls)
KEY         The file containing the RSA key
CERT        The certificate with chain

Note

The certificate file must contain all intermediate certificates and the root certificate. They must be concatenated in order of precision (certificate, intermediate certificate, root certificate).

Here is the command to add the TLS secret:

kubectl create secret tls <NAME>-des-tls \
        --key=<KEY> \
        --cert=<CERT>
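
A pre-flight check for the files described above, as an added example that is not part of the original documentation: it confirms that <KEY> matches the first certificate in <CERT> and that the bundle is ordered certificate, intermediate, root. The function name check_tls_bundle is hypothetical, and the script assumes openssl, awk and mktemp are installed.

```shell
#!/bin/sh
# Added example: pre-flight check for the <KEY> and <CERT> files.
# check_tls_bundle is a hypothetical helper; needs openssl, awk, mktemp.
# Exit status: 0 ok, 1 unreadable input, 2 key/certificate mismatch,
# 3 wrong order, 4 last certificate is not a self-signed root.
# Only issuer/subject names are compared; signatures are not verified.
check_tls_bundle() (
    key=$1; bundle=$2
    tmp=$(mktemp -d) || exit 1
    trap 'rm -rf "$tmp"' EXIT
    # Split the bundle into one file per certificate: 1.pem, 2.pem, ...
    n=$(awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/ { n++ }
        n { print > (d "/" n ".pem") }
        END { print n + 0 }' "$bundle") || exit 1
    [ "$n" -ge 1 ] || { echo "no certificate found in $bundle" >&2; exit 1; }

    # 1. The private key must belong to the first (leaf) certificate.
    kpub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || exit 1
    cpub=$(openssl x509 -in "$tmp/1.pem" -noout -pubkey 2>/dev/null) || exit 1
    [ "$kpub" = "$cpub" ] || { echo "key does not match certificate" >&2; exit 2; }

    # 2. Each certificate must be issued by the one that follows it.
    i=1
    while [ "$i" -lt "$n" ]; do
        issuer=$(openssl x509 -in "$tmp/$i.pem" -noout -issuer_hash)
        subject=$(openssl x509 -in "$tmp/$((i + 1)).pem" -noout -subject_hash)
        [ "$issuer" = "$subject" ] ||
            { echo "certificate $((i + 1)) did not issue certificate $i" >&2; exit 3; }
        i=$((i + 1))
    done

    # 3. The last certificate must be the self-signed root.
    [ "$(openssl x509 -in "$tmp/$n.pem" -noout -issuer_hash)" = \
      "$(openssl x509 -in "$tmp/$n.pem" -noout -subject_hash)" ] ||
        { echo "last certificate is not a root" >&2; exit 4; }
    echo "ok: key matches, $n certificates in order"
)

# Run directly as: sh check_tls_bundle.sh <KEY> <CERT>
if [ "$#" -eq 2 ]; then check_tls_bundle "$1" "$2"; fi
```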