Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Help Wanted - I assume this is an easy question.. #2271

Closed
oze4 opened this issue Oct 23, 2019 · 2 comments
Closed

Help Wanted - I assume this is an easy question.. #2271

oze4 opened this issue Oct 23, 2019 · 2 comments

Comments

@oze4
Copy link

oze4 commented Oct 23, 2019

I am new to cert-manager and was wondering how exactly it works for multiple domains.. can I re-use the same ClusterIssuer for many certs? or is one ClusterIssuer good for only one cert/secret?

I am trying to use the same ClusterIssuer to create 2 certs for 2 different ingresses/domains.

The first one works just fine, but when i try to create the second one cert-manager will only create the fake cert - and I get this error in the logs:

certificate resource is not owned by this ingress. refusing to update non-owned certificate resource for ingress

...any idea what I'm doing wrong? Does each ingress resource need its own issuer?
@oze4
Copy link
Author

oze4 commented Oct 23, 2019
edited

Thanks for the help on Slack, Joshua Van Leeuwen!

Each ingress needs to have a unique secretName: I_need_to_be_unique - I was under the impression each ingress' secretName had to match the

    privateKeySecretRef:
      name: letsencrypt-prod

within the ClusterIssuer, but it does not have to match..

@oze4 oze4 closed this as completed Oct 23, 2019
jasoncabot added a commit to jasoncabot/fallen that referenced this issue Jan 29, 2020
@jasoncabot
Updated secretName to be cluster-unique
8508a6e 
cert-manager was unable to issue certificates for the backend ingress with error: 'certificate resource is not owned by this ingress'

This was caused by a misunderstanding of `secretName` since it isn't a reference to an existing k8s secret that is read but instead where the TLS certificate is going to be written to

See: cert-manager/cert-manager#2271
@Hild-Franck Hild-Franck mentioned this issue Feb 6, 2020
Closed
@flmmartins
Copy link

flmmartins commented Feb 18, 2021
edited

@jasoncabot and @oze4 Thanks so much for this issue! It really helped. Can we please clarify the documentation about the use of secrets in the ingress?

@flmmartins flmmartins mentioned this issue Feb 18, 2021
Merged
@m-delfino m-delfino mentioned this issue May 25, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@flmmartins @oze4