Pushing SocketCluster to Google K8S Engine, the Ingress service is not working, complaining that the SSL key is too large

I have created a SocketCluster Node.js app. I followed their official docs to deploy the service to Google K8s Engine. However, the ingress service is not coming up and complains about:

Error:googleapi: Error 400: The SSL key is too large., sslCertificateKeyTooLarge

I tried the following certificates:

  1. 4048 key size certificate from Let's Encrypt
  2. 2048 key size, using a cert created with OpenSSL.

Both of them result in the same error.

Does anyone know how I can resolve this? And where do I get a proper certificate for enabling TLS?


Solution 1:

IIRC, only RSA-2048 and ECDSA P256 keys are supported:

openssl genrsa -out PRIVATE_KEY_FILE 2048

openssl ecparam -name prime256v1 -genkey -noout -out PRIVATE_KEY_FILE

Solution 2:

I also struggled with this error when using Let's Encrypt certs with a 4096-bit private key on a GKE ingress, even though creating the secret worked fine following [1].

I finally overcame it by editing "/etc/letsencrypt/cli.ini":

rsa-key-size = 2048

I then issued a new certificate and keyfile and put those into the secret.

[1] https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-multi-ssl
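
A pre-flight check for the two key types Solution 1 lists, to run on the private key before it goes into the Kubernetes secret (an added example, not part of either answer). It assumes the `openssl` CLI is installed; the function names `key_kind` and `key_supported` are hypothetical.

```shell
#!/bin/sh
# Added example: classify a PEM private key and compare it with the key types
# named in Solution 1 (RSA-2048, ECDSA P-256). Assumes the openssl CLI.

# key_kind FILE -> prints "rsa-<bits>", "ec-<curve>" or "unknown"
key_kind() (
    # "openssl pkey -text" prints "Private-Key: (N bit ...)" for RSA and EC keys
    text=$(openssl pkey -in "$1" -noout -text 2>/dev/null) || { echo unknown; exit 0; }
    bits=$(printf '%s\n' "$text" |
        sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p' | head -n 1)
    # Named-curve EC keys carry an "ASN1 OID: <curve>" line; RSA keys a "modulus:" line
    curve=$(printf '%s\n' "$text" | sed -n 's/^ASN1 OID: *//p' | head -n 1)
    if [ -n "$curve" ]; then
        echo "ec-$curve"
    elif [ -n "$bits" ] && printf '%s\n' "$text" | grep -q '^modulus:'; then
        echo "rsa-$bits"
    else
        echo unknown
    fi
)

# key_supported FILE -> exit status 0 only for RSA-2048 or ECDSA P-256 (prime256v1)
key_supported() (
    case "$(key_kind "$1")" in
        rsa-2048|ec-prime256v1) exit 0 ;;
        *) exit 1 ;;
    esac
)

# Command-line use: sh check-key.sh privkey.pem [more.pem ...]
status=0
for f in "$@"; do
    if key_supported "$f"; then
        echo "$f: $(key_kind "$f") is in the supported list"
    else
        echo "$f: $(key_kind "$f") is not in the supported list; reissue as RSA-2048 or P-256"
        status=1
    fi
done
# Propagate the verdict when files were given, so the script can gate a deploy step
[ "$#" -eq 0 ] || exit "$status"
```

Run it against the key file that will be stored in the secret, for example the key Let's Encrypt issued after the `rsa-key-size = 2048` change in Solution 2.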