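1. Cause
I removed the domain registrar's default redirect for the top-level domain (i.e. the first-level domain) and pointed it directly at my service address.
The certificate in use was a wildcard certificate for second-level domains.
For actiger.com, the browser popped up a security warning.
It turned out that the wildcard second-level-domain certificate cannot be used as the certificate for actiger.com.
3. Ingress Nginx configuration: my-nginx.yml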
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  namespace: nginx-space
  name: my-nginx
spec:
  tls:
  # secret used for the subdomains
  - hosts:
    - weini.actiger.com
    - www.actiger.com
    secretName: ingress-secret
  # separate secret for the bare domain actiger.com
  - hosts:
    - actiger.com
    secretName: ingress-top-secret
  rules:
  - host: weini.actiger.com
    http:
      paths:
      - backend:
          serviceName: my-nginx
          servicePort: 80
  - host: www.actiger.com
    http:
      paths:
      - backend:
          serviceName: my-nginx
          servicePort: 80
  - host: actiger.com
    http:
      paths:
      - backend:
          serviceName: my-nginx
          servicePort: 80
  - host: test.actiger.com
    http:
      paths:
      - backend:
          serviceName: my-nginx
          servicePort: 80
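The name-matching rule behind this split, as an added example that is not code from the original post: a wildcard name stands for exactly one left-most label, so `*.actiger.com` never matches `actiger.com`. The SAN lists and the `BEFORE` layout are constructed assumptions; the `AFTER` entries mirror the `tls` section of my-nginx.yml.

```python
# Added example: check which Ingress TLS hosts a secret's certificate really covers.

def san_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style match: '*' is honoured only as the whole left-most
    label and stands for exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # '*.actiger.com' has 3 labels, 'actiger.com' has 2
    if p[0] == "*":
        return len(p) > 2 and h[0] != "" and p[1:] == h[1:]
    return p == h


def uncovered_hosts(tls_entries, secret_sans):
    """Return (host, secretName) pairs whose certificate has no matching SAN."""
    missing = []
    for entry in tls_entries:
        sans = secret_sans.get(entry["secretName"], [])
        for host in entry["hosts"]:
            if not any(san_matches(s, host) for s in sans):
                missing.append((host, entry["secretName"]))
    return missing


# Constructed SAN lists (assumption: not read from the real secrets).
SECRET_SANS = {
    "ingress-secret": ["*.actiger.com"],
    "ingress-top-secret": ["actiger.com"],
}

# Hypothetical layout that serves the bare domain from the wildcard secret.
BEFORE = [{"hosts": ["weini.actiger.com", "www.actiger.com", "actiger.com"],
           "secretName": "ingress-secret"}]

# Layout matching the tls section of my-nginx.yml.
AFTER = [
    {"hosts": ["weini.actiger.com", "www.actiger.com"], "secretName": "ingress-secret"},
    {"hosts": ["actiger.com"], "secretName": "ingress-top-secret"},
]

if __name__ == "__main__":
    print("before:", uncovered_hosts(BEFORE, SECRET_SANS))
    print("after: ", uncovered_hosts(AFTER, SECRET_SANS))
```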
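4. Point the domain's DNS record at the service IP and test whether HTTPS has taken effect
curl -vL actiger.com
# Output similar to the following indicates the certificate is configured correctly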
* Ignoring the response-body
* Connection #0 to host actiger.com left intact
* Issue another request to this URL: 'https://actiger.com/'
* Trying <ip>...
* TCP_NODELAY set
* Connected to actiger.com (<ip>) port 443 (#1)
* ALPN, offering http/1.1
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate: actiger.com
* Server certificate: Let's Encrypt Authority X3
* Server certificate: DST Root CA X3
> GET / HTTP/1.1
> Host: actiger.com
> User-Agent: curl/7.63.0
> Accept: */*