How to change the default certificate chain in Kubernetes Ingress

lets-encrypt kubernetes ingress

Solution 1:

If you are using cert-manager, optional control of the intermediate certificate isn't available yet.

That doesn't stop you from issuing your own certificate with certbot which has added support to select the chain and installing that on the ingress.

certbot ... --preferred-chain "ISRG Root X1"

Any unknown value for preferred-chain will give you the default chain.

Solution 2:

Perhaps a spot late, but this is supported now. You can configure your issuer like this:

apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: letsencrypt
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    preferredChain: "ISRG Root X1"

See this page for more

Related

PHP scripts suddenly load very slow on Apache
Check OCSP on Linux with GET method
User agents not trusting web server due to Let's Encrypt DST Root CA X3 root certificate expiration
firewalld is not working in CentOS 8: no rule at all is created in iptables
Does ActiveDirectory support Kerberos user principle instances?
File is too big for /dev/null
EMC VNX iSCSI setup - unsure about SP/port assignment
Setting up a user without a password
How to change assigned letter for Ephemeral drives automatically?
Cannot edit VM or access it via SSH. error:Supplied fingerprint does not match current metadata fingerprint
Can a server have "too much" RAM? Is there an optimal level of RAM, or is more always better?
What is "Radan HTTP"?