Home > Software engineering >  Finding the SSL cert used for a website in Azure Kubernetes
Finding the SSL cert used for a website in Azure Kubernetes

Time:10-30

My team inherited a 3rd party Azure software product from another company. It was migrated or moved over by someone external, and the website had been working, until The cert for our dev site in Azure has expired..

but I'm not seeing the SSL cert anywhere in places recommended online to store certs. We're looking to find the cert and then renew it as well. The website is set up to only allow https access.

It was issued by Let's Encrypt, and there are helpful articles out there to auto renew; I just don't know where the cert is located yet. Hoping someone can help give options, maybe a different keyword other than (SSL or Cert) to find it on a global level in Azure.

The usual places for certs that I know of but are EMPTY are: Azure Key Vault > Cert. App Services Cert Application Gateway App Services (This resource type is not even used)

I've also looked under Settings/Properties for our AKS resource, Azure Load Balancer, and in various YAML files for these. Not seeing anything cert related there.

I expected there to be a cert in a Key Vault and to then update/configure that to auto renew so that it's a hands-off approach.

CodePudding user response:

This cert might be configured in your ingress by allowing SSL termination at ingress level. You better describe your ingress resources and check if there is any config as,

TLS:
  <name>

If it is there, probably there needs to be a k8s secret with the name <name> which hold the cerificates.

CodePudding user response:

To extend the answer of Sahan, usually ssl termination is handled at ingress level. So if you are using any third part certificate authority, your certificates must be imported as secret inside k8s cluster. You can view your secrets

kubectl get secrets

If you find any secrets that match with your ingress object specified by Sahan, then this is the location of certificates.

spec:
  tls:
    - hosts:
        - yourdomain.com
      secretName: name_of_secret_returned_from_above_command
  rules:
    - host: yourdomain.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: your_web_service
                port:
                  number: 80

If you are using letsencrypt, then this is the guide that can help you

  • Related