Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Assigned cert isn't used if default cert CN or SAN match the hostname #687

Closed
leptonyu opened this issue Oct 31, 2020 · 1 comment
Closed

Assigned cert isn't used if default cert CN or SAN match the hostname #687

leptonyu opened this issue Oct 31, 2020 · 1 comment
Labels
kind/bug
Milestone
v0.10

Comments

@leptonyu
Copy link

Description of the problem

I config --default-ssl-certificate=cert-manager/cert-tls and

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: somename
spec:
  tls:
  - hosts:
    - example.com
    secretName: blog-cert-tls

both cert-manager/cert-tls and blog-cert-tls signed with CN example.com.

It should be use cert from blog-cert-tls, but turns out to be always cert-manager/cert-tls. This behavior is not right.

/ # cat /etc/haproxy/maps/_front001_bind_crt.list
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# #
# #   HAProxy Ingress Controller
# #   --------------------------
# #   This file is automatically updated, do not edit
# #
#
/ingress-controller/ssl/cert-manager_cert-tls.pem
/ingress-controller/ssl/default_blog-cert-tls.pem example.com

Using haproxy-ingress v0.10.1
@jcmoraisjr jcmoraisjr changed the title Order of certs with default-ssl-certificate and override secretName Assigned cert isn't used if default cert CN or SAN match the hostname Nov 2, 2020
@jcmoraisjr jcmoraisjr added this to the v0.10 milestone Nov 2, 2020
@jcmoraisjr jcmoraisjr mentioned this issue Nov 19, 2020
Merged
@jcmoraisjr
Copy link
Owner

Thanks for the report! Fixed in v0.10.3. Closing.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug
Projects
None yet
Milestone
v0.10
Development

No branches or pull requests
2 participants
@jcmoraisjr @leptonyu