openshift-letsencrypt icon indicating copy to clipboard operation
openshift-letsencrypt copied to clipboard

Published 20 hours ago verified publisher icon ibotty

Create only one certificate per domain for multiple routes with same domain

Open mguillem opened this issue 7 years ago • 6 comments

According to the log (and my understanding of the code), it seems that a new certificate is requested for each route, even if the host name is the same. This is a problem due to the rate limit of letsencrypt.

In our case, multiple routes are used to map different services to sub paths.

mguillem avatar Apr 27 '17 10:04 mguillem

Yes, that's right. Any idea how an api should look like? I prefer being explicit which domains to combine.

ibotty avatar Apr 27 '17 10:04 ibotty

Oh, you mean routes with paths. Yeah, that's a bug, I introduced when going from secrets to just storing the certificates in the route.

ibotty avatar Apr 27 '17 10:04 ibotty

What was the motivation for moving away from the secrets?

mguillem avatar Apr 27 '17 12:04 mguillem

It did not work for some people, I guess because of bugs in openshift. Additionally, having the certificates in two places (the route and a secret) is not nice. I really do hope, that routes when they get rebased on top of ingresses additionally have a way to reference a secret.

ibotty avatar Apr 27 '17 12:04 ibotty

I don't have much time now, can you please test the path-routes branch? It should fix that part (and lay the foundation of grouping certificates).

ibotty avatar Apr 28 '17 10:04 ibotty

Did you have a chance to test the branch?

ibotty avatar Jun 13 '17 09:06 ibotty