This repository has been archived by the owner on Feb 9, 2022. It is now read-only.

Make services work and trust LE staging certificates, when letsencrypt_environment is set to "staging" #1012

Open
floek opened this issue Dec 15, 2020 · 3 comments

floek commented Dec 15, 2020

Hi,

I've set cert_manager/letsencrypt_environment to staging for testing purposes. The services are not working, because they don't trust oauth, presenting an LE staging certificate:

[2020/12/15 10:04:26] [oauthproxy.go:798] Error redeeming code during OAuth2 callback: Post "https://my-domain.com/auth/realms/BKPR/protocol/openid-connect/token": x509: certificate signed by unknown authority

Please let the services trust LE staging, when staging is used, for testing.

Thanks,
Floek

@javsalgar
Contributor

Hi,

oauth2-proxy has a setting for allowing insecure SSL validation: --ssl-upstream-insecure-skip-validation. Would this work for your case? Right now, for testing purposes, could you try editing the oauth2-proxy pod and adding this argument to it?

@floek
Author

floek commented Dec 16, 2020

Hi,

Yes, setting this to true works for me. At least a jsonnet override snippet and some documentation would be fine.

@javsalgar
Copy link
Contributor

Thanks for the feedback! Yes, it would be interesting to add a small section in our documentation to cover this use case. I will forward this information for evaluation.
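
Added example, not part of the thread and not the project's or oauth2-proxy's own code: the three client-side trust choices this issue turns on, shown with Go's standard library (the language of the `oauthproxy.go` log line above). A local `httptest` server with a certificate no system root has signed is a constructed stand-in for the token endpoint serving a staging certificate; the function names `probe` and `compareTrustModes` are hypothetical.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// probe sends one GET to url with the given TLS settings and returns the
// handshake or verification error, if any.
func probe(url string, cfg *tls.Config) error {
	client := &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}
	resp, err := client.Get(url)
	if err != nil {
		return err
	}
	return resp.Body.Close()
}

// compareTrustModes starts a local HTTPS server whose certificate no system
// root has signed (a constructed stand-in for an endpoint serving a staging
// certificate) and connects to it with three client configurations.
func compareTrustModes() (defaultErr, skipErr, pinnedErr error) {
	srv := httptest.NewTLSServer(http.HandlerFunc(
		func(w http.ResponseWriter, r *http.Request) { fmt.Fprint(w, "ok") }))
	defer srv.Close()

	// 1. Default trust store: fails, as in the log line quoted in the issue.
	defaultErr = probe(srv.URL, &tls.Config{})

	// 2. Validation disabled: succeeds, but any certificate would be accepted,
	// so the peer is no longer authenticated.
	skipErr = probe(srv.URL, &tls.Config{InsecureSkipVerify: true})

	// 3. Test root added explicitly: succeeds, and chain and hostname checks
	// stay on. With real staging, the pool would hold the staging root instead.
	pool := x509.NewCertPool()
	pool.AddCert(srv.Certificate())
	pinnedErr = probe(srv.URL, &tls.Config{RootCAs: pool})
	return defaultErr, skipErr, pinnedErr
}

func main() {
	d, s, p := compareTrustModes()
	fmt.Printf("default roots: %v\nskip validation: %v\nexplicit root: %v\n", d, s, p)
}
```

The third configuration is the behaviour the issue title asks for: the test CA is trusted only where it is explicitly configured, and certificate validation is never switched off.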