[Help request] Traditional deployment failed if ssl is enabled

Question

[Help request] Traditional deployment failed if ssl is enabled

Opened this issue a month ago · 1 comments

Hi team

I am trying to enable HTTPS in APISIX Gateway that I deployed in traditional mode using Helm chart version 2.10.0.
Here is the fragment of values.yaml used to deploy

apisix:
ssl:
enabled: true
existingCASecret: "secret-crt"
certCAFilename: "ca.crt"
fallbackSNI: "localhost"

The secret exists.

My pod doesn't start because of this error
nginx: [emerg] cannot load certificate "/usr/local/apisix/conf/cert/ssl_PLACE_HOLDER.crt"

I re-read the documentation and don't see any obvious (for me) error.

What did I miss?

Thanks for your help

Answer 1 · 2024-11-20T08:19:37.000Z

Do you have a secret created which holds your Certificate ?

In order to get your certifcate loaded create a certificate like this

apiVersion: v1
kind: Secret
metadata:
  name: apisix-ca-secret 
  namespace: <YOUR-NAMESPACE OR DEFAULT>
type: Opaque 
data:
  mycert.pem: <BASE64-ENCODED-PEM-CERTIFCATE>

deploy this certificate into your cluster.

Adapt your apisix values.yaml

  ssl:
      enabled: true
      existingCASecret: "apisix-ca-secret"
      # -- Filename be used in the apisix.ssl.existingCASecret
      certCAFilename: "mycert.pem"

and restart apisix. Now it should work