Use case
I deployed the nginx ingress controller in my Kubernetes cluster using this helm chart:
https://github.com/helm/charts/tree/master/stable/nginx-ingress
I created an ingress resource for my frontend serving webserver and it is supposed to redirect from non-www to the www version. I am using SSL as well.
The problem
When I visit the www version of my website everything is fine and nginx serves the page using my Lets Encrypt SSL certificate (which exists as secret in the right namespace). However when I visit the NON-www version of the website I get the failing SSL certificate page in my Browser (NET::ERR_CERT_AUTHORITY_INVALID) and one can see the page is served using the Kubernetes ingress fake certificate. I assume that's also the reason why the redirect to the www version does not work at all.
This is my ingress resource (actual hostnames have been redacted):
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: "true"
nginx.ingress.kubernetes.io/from-to-www-redirect: "true"
creationTimestamp: 2018-10-03T19:34:41Z
generation: 3
labels:
app: nodejs
chart: nodejs-1.0.1
heritage: Tiller
release: example-frontend
name: example-frontend
namespace: microservices
resourceVersion: "5700380"
selfLink: /apis/extensions/v1beta1/namespaces/microservices/ingresses/example-frontend
uid: 5f6d6500-c743-11e8-8aaf-42010a8401fa
spec:
rules:
- host: www.example.io
http:
paths:
- backend:
serviceName: example-frontend
servicePort: http
path: /
tls:
- hosts:
- example.io
- www.example.io
secretName: example-frontend-tls
The question
Why doesn't nginx use the provided certificate on the non-www version as well?
