I cannot add external certificate generated from cloudflare to certificates list.

The tutorial at https://www.digitalocean.com/docs/networking/load-balancers/how-to/ssl-termination/ doesn’t give enough information about the specs for the certificate and private key fields input.

the certificate from cloudflare contains two information: the certificate itself and the private key

certificate format is:
—–BEGIN CERTIFICATE—–

certificate_contents

—–END CERTIFICATE—–

private key format is:
—–BEGIN PRIVATE KEY—–

privatekeyscontents

—–END PRIVATE KEY—–

I tried every combination of ways but to no avail.

When I try copying the #certificate_contents into the digital ocean input form labeled “certificate”, I get an error of “not a valid certificate”

When I try copying the whole thing (—–BEGIN…END—–) into the both fields accordingly, no error but when I submit, it returns “either certificate or private key is not a valid PEB block”

Does anyone have this same problem?

What im trying to do is basically provide a secure connection to my kubernetes cluster which is now load balanced using a load balancer from DO. I’ve read the tutorial at https://www.digitalocean.com/docs/kubernetes/how-to/configure-load-balancers/ which points me to add an certificate annotation inside the service yaml file which requires an ID that is provided from a certificate which I will list in the settings > security > certificates. hence, the question.

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
1 answer

Not exactly what you’re looking for, but I recently figured out how to create kubernetes certs from Let’s Encrypt PEM files: https://github.com/nabsul/k8s-letsencrypt

I create certs with this command:

kubectl create secret tls [your-cert-name] --cert=fullchain.pem --key=privkey.pem

I’m not sure about services, but I add the certificate to my ingress yaml definition.

It looks something like this:

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: hello-ingress
  annotations:
    kubernetes.io/ingress.class: "nginx"
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
  tls:
  - hosts:
    - hello.com
    secretName: hello-tls
  rules:
  - host: hello.com
    http:
      paths:
      - backend:
          serviceName: hello-world
          servicePort: 80
Submit an Answer