Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Help request] Traditional deployment failed if ssl is enabled #789

Open
jmcorne opened this issue Nov 12, 2024 · 1 comment
Open

[Help request] Traditional deployment failed if ssl is enabled #789

jmcorne opened this issue Nov 12, 2024 · 1 comment

Comments

@jmcorne
Copy link

jmcorne commented Nov 12, 2024

Hi team

I am trying to enable HTTPS in APISIX Gateway that I deployed in traditional mode using Helm chart version 2.10.0.
Here is the fragment of values.yaml used to deploy

apisix:
ssl:
enabled: true
existingCASecret: "secret-crt"
certCAFilename: "ca.crt"
fallbackSNI: "localhost"

The secret exists.

My pod doesn't start because of this error
nginx: [emerg] cannot load certificate "/usr/local/apisix/conf/cert/ssl_PLACE_HOLDER.crt"

I re-read the documentation and don't see any obvious (for me) error.

What did I miss?

Thanks for your help

@wofr
Copy link

wofr commented Nov 20, 2024

Do you have a secret created which holds your Certificate ?

In order to get your certifcate loaded create a certificate like this

apiVersion: v1
kind: Secret
metadata:
  name: apisix-ca-secret 
  namespace: <YOUR-NAMESPACE OR DEFAULT>
type: Opaque 
data:
  mycert.pem: <BASE64-ENCODED-PEM-CERTIFCATE>

deploy this certificate into your cluster.

Adapt your apisix values.yaml

  ssl:
      enabled: true
      existingCASecret: "apisix-ca-secret"
      # -- Filename be used in the apisix.ssl.existingCASecret
      certCAFilename: "mycert.pem"

and restart apisix. Now it should work

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants