Comments (2)
It's currently not even possible to use manually imported wildcard certificates, as the loadbalancer stack fails with the error:

[error] Psych::SyntaxError : (loadbalancer.yml): did not find expected alphabetic or numeric character while scanning an alias at line 16 column 18

where that line is the subject line of the certificates using the *.domain.tld format.
That's a syntax error in the YAML; try quoting it:

certificates:
  subject: "*.example.com"
AFAIK wildcard certs should work, that's a separate bug if they do not.
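To see why the unquoted subject breaks and what the quoted form fixes, here is an added Ruby example against the Psych parser (the same library named in the error above). It is illustration code written for this page, not Kontena's own; the certificates:/subject: shape is taken from the comment above, and the hostnames are constructed.

```ruby
require 'psych'

# In YAML a plain scalar that starts with '*' is read as an alias reference
# (*anchor), so `subject: *.example.com` is a syntax error, not a string.
# That is the "while scanning an alias" message quoted in the thread.

# Parse a loadbalancer-style snippet. Returns the subject string, or the
# Psych::SyntaxError itself so the caller can inspect the message.
def parse_subject(yaml)
  doc = Psych.safe_load(yaml)
  doc.fetch('certificates').fetch('subject')
rescue Psych::SyntaxError => e
  e
end

# Emit the snippet from data instead of hand-writing it: the emitter quotes
# any scalar that would otherwise be read as an indicator ('*', '&', '!', ...).
def certificates_yaml(subject)
  Psych.dump('certificates' => { 'subject' => subject })
end

UNQUOTED = "certificates:\n  subject: *.example.com\n"    # constructed, broken
QUOTED   = "certificates:\n  subject: \"*.example.com\"\n" # constructed, fixed

if __FILE__ == $PROGRAM_NAME
  puts parse_subject(UNQUOTED).message     # the alias scanning error
  puts parse_subject(QUOTED)               # *.example.com
  puts certificates_yaml('*.example.com')  # emitted with the subject quoted
end
```

The same rule applies to any stack variable whose value starts with a YAML indicator character, so generating the stack file from data, or quoting every free-form string, is safer than relying on the value happening to be parseable.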
Now that Letsencrypt finally supports wildcard certificates, it would be nice to get wildcard support directly in the Kontena loadbalancer.
Not trivial to implement fully automated support for wildcard certs, because LE only issues wildcard certs for dns-01 challenges. We could support

kontena certificate authorize --type dns-01 *.example.com

if we upgraded to the ACMEv2 API, but that will require manually updating the DNS TXT records for renewals. Automating dns-01 challenges would require integration with external DNS providers, which is a major task.
OTOH, wildcard certs wouldn't even be strictly necessary if the Kontena LE integration were further improved to make it much easier to deploy new services with new non-wildcard LE certificates: #1791 #2958
Here's a manual workaround:

- Download certbot
- Run

certbot -d '*.mywildcarddomain.com' --manual --preferred-challenges dns --server https://acme-v02.api.letsencrypt.org/directory certonly

- Add the DNS TXT entry
- Run

kontena certificate import --key /etc/letsencrypt/live/mywildcarddomain.com/privkey.pem /etc/letsencrypt/live/mywildcarddomain.com/cert.pem
kontena stack upgrade <ingress stack> kontena/ingress-lb
The last step will work properly after kontena/kontena-stacks#28 has been merged. Meanwhile you can copy the stack file from the pull request and use it to upgrade the load balancer.
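Both the dns-01 discussion above and the "Add the DNS TXT entry" step of the manual workaround come down to one computation: the TXT value the CA expects and the name it is published at. The following is an added Ruby example of that computation as specified in RFC 8555 (key authorization, dns-01 digest) and RFC 7638 (JWK thumbprint); it is not Kontena's or certbot's code. The account key, token and the in-memory "zone" hash standing in for a DNS lookup are all constructed for the demo.

```ruby
require 'openssl'
require 'json'

# base64url without padding, as used throughout ACME (RFC 8555).
def b64url(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

# RFC 7638 JWK thumbprint: SHA-256 over the required public-key members,
# serialised as JSON with keys in lexicographic order and no whitespace.
def jwk_thumbprint(jwk)
  members = case jwk['kty']
            when 'RSA' then %w[e kty n]
            when 'EC'  then %w[crv kty x y]
            else raise ArgumentError, "unsupported kty #{jwk['kty'].inspect}"
            end
  canonical = JSON.generate(members.each_with_object({}) { |k, h| h[k] = jwk.fetch(k) })
  b64url(OpenSSL::Digest::SHA256.digest(canonical))
end

# keyAuthorization = token || '.' || thumbprint(accountKey)   (RFC 8555 section 8.1)
def key_authorization(token, account_jwk)
  "#{token}.#{jwk_thumbprint(account_jwk)}"
end

# dns-01 (RFC 8555 section 8.4): TXT holds base64url(SHA-256(keyAuthorization)).
def dns01_txt_value(token, account_jwk)
  b64url(OpenSSL::Digest::SHA256.digest(key_authorization(token, account_jwk)))
end

# The record lives at _acme-challenge.<domain>. For a wildcard the '*.' label
# is dropped, so '*.example.com' and 'example.com' share the same record name.
def dns01_record_name(identifier)
  "_acme-challenge.#{identifier.sub(/\A\*\./, '')}"
end

# What the CA does: fetch the TXT records and accept if any one of them matches.
# `zone` stands in for a DNS lookup here: { record name => [txt values] }.
def dns01_valid?(zone, identifier, token, account_jwk)
  expected = dns01_txt_value(token, account_jwk)
  Array(zone[dns01_record_name(identifier)]).any? { |txt| txt == expected }
end

# Constructed account public key and challenge token; not real values.
DEMO_JWK = { 'kty' => 'RSA', 'e' => 'AQAB', 'n' => b64url("\x01" * 256) }.freeze
DEMO_TOKEN = 'evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA'

# Constructed zone contents after the operator has published the record.
def demo_zone
  { dns01_record_name('*.example.com') => [dns01_txt_value(DEMO_TOKEN, DEMO_JWK)] }
end

if __FILE__ == $PROGRAM_NAME
  puts "publish TXT #{dns01_record_name('*.example.com')} = #{dns01_txt_value(DEMO_TOKEN, DEMO_JWK)}"
  puts dns01_valid?(demo_zone, '*.example.com', DEMO_TOKEN, DEMO_JWK)  # true
  puts dns01_valid?({}, '*.example.com', DEMO_TOKEN, DEMO_JWK)         # false
end
```

When certbot runs with --manual it prints exactly this record name and value for you to publish; with --manual-auth-hook it passes them to the hook as the CERTBOT_DOMAIN and CERTBOT_VALIDATION environment variables, which is where a DNS-provider integration of the kind discussed above would plug in. Two consequences follow from the code: the value is bound to the ACME account key, so it changes if the account is recreated, and because example.com and *.example.com resolve to the same record name, an order covering both must publish two TXT records at that name, which is why the check accepts any matching record rather than requiring exactly one.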