I’m using a managed load balancer to route traffic into my Kubernetes cluster. When I created the load balancer it (per the docs) automatically set up the certificate via LetsEncrypt.
Some time later I added an ingress to handle a separate domain (not subdomain). So, while xyz.com
was originally registered, and a.xyz.com
and b.xyz.com
subdomains work as expected, with SSL encryption, when I added the ingress for mno.com
the certificate did not cover that domain. Essentially, I need a LetsEncrypt cert that covers multiple domains (a SAN or Subject Alternate Name cert that LetsEncrypt supports).
Notably traffic is correctly routed through the load balancer, just not encrypted (and so throws the ugly error in browsers).
My thought is that if I could force the cert to renew, it would fix itself (fingers crossed). I’m not sure the best way to do this, though, and could not find documentation or questions around it. I could destroy and rebuild the load balancer, but that seems extreme. It’s possible there is an on-cluster secret I could delete that would be detected as deleted and the managed service would create a new cert. But I’m not sure which secret that would be, and randomly binning secrets seems like a bad plan.
Any guidance for this? Thank you!
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!