Cert-manager certificate for n8n hosted in AKS

n8n is hosted in AKS, and I created a certificate using cert-manager:

    kubectl describe secret n8n-tls-secret -n n8n
    Name:         n8n-tls-secret
    Namespace:    n8n
    Labels:       controller.cert-manager.io/fao=true
    Annotations:  cert-manager.io/alt-names: n8n.ttg-ecom.tools
                  cert-manager.io/certificate-name: n8n-tls-secret
                  cert-manager.io/common-name:
                  cert-manager.io/ip-sans:
                  cert-manager.io/issuer-group: cert-manager.io
                  cert-manager.io/issuer-kind: ClusterIssuer
                  cert-manager.io/issuer-name: letsencrypt-prod
                  cert-manager.io/subject-serialnumber: 1234567890
                  cert-manager.io/uri-sans:

    Type:  kubernetes.io/tls

    Data

    tls.crt:  973 bytes
    tls.key:  1675 bytes

    kubectl describe certificate -n n8n
    Name:         n8n-tls-secret
    Namespace:    n8n
    Labels:       <none>
    Annotations:  acme.cert-manager.io/http01-override-ingress-name: n8n-ingress
                  cert-manager.io/issue-temporary-certificate: true
    API Version:  cert-manager.io/v1
    Kind:         Certificate
    Metadata:
      Creation Timestamp:  2023-06-30T14:44:11Z
      Generation:          1
      Managed Fields:
        API Version:  cert-manager.io/v1
        Fields Type:  FieldsV1
        fieldsV1:
          f:status:
            .:
            f:conditions:
              .:
              k:{"type":"Ready"}:
                .:
                f:lastTransitionTime:
                f:message:
                f:observedGeneration:
                f:reason:
                f:status:
                f:type:
            f:notAfter:
            f:notBefore:
            f:renewalTime:
        Manager:      cert-manager-certificates-readiness
        Operation:    Update
        Subresource:  status
        Time:         2023-06-30T14:44:11Z
        API Version:  cert-manager.io/v1
        Fields Type:  FieldsV1
        fieldsV1:
          f:metadata:
            f:annotations:
              .:
              f:acme.cert-manager.io/http01-override-ingress-name:
              f:cert-manager.io/issue-temporary-certificate:
            f:ownerReferences:
              .:
              k:{"uid":"8f7efddf-ff10-40c0-a082-bbc000a1c4ea"}:
          f:spec:
            .:
            f:dnsNames:
            f:issuerRef:
              .:
              f:group:
              f:kind:
              f:name:
            f:secretName:
            f:usages:
        Manager:    cert-manager-ingress-shim
        Operation:  Update
        Time:       2023-06-30T14:44:11Z
      Owner References:
        API Version:           networking.k8s.io/v1
        Block Owner Deletion:  true
        Controller:            true
        Kind:                  Ingress
        Name:                  n8n-ingress
        UID:                   8f7efddf-ff10-40c0-a082-bbc000a1c4ea
      Resource Version:        4974638
      UID:                     9d206b5d-3d5c-468c-b199-5986126087a3
    Spec:
      Dns Names:
        n8n.ttg-ecom.tools
      Issuer Ref:
        Group:      cert-manager.io
        Kind:       ClusterIssuer
        Name:       letsencrypt-prod
      Secret Name:  n8n-tls-secret
      Usages:
        digital signature
        key encipherment
    Status:
      Conditions:
        Last Transition Time:  2023-06-30T14:44:11Z
        Message:               Certificate is up to date and has not expired
        Observed Generation:   1
        Reason:                Ready
        Status:                True
        Type:                  Ready
      Not After:               2023-09-28T14:40:45Z
      Not Before:              2023-06-30T14:40:45Z
      Renewal Time:            2023-08-29T14:40:45Z
    Events:                    <none>

but the

Deployment.yaml

    # Excerpt from the pod spec (spec.template.spec) of the Deployment
    containers:
    - env:
      # n8n reads its certificate and private key from the mounted secret
      - name: N8N_SSL_CERT
        value: /etc/n8n-tls-secret/tls.crt
      - name: N8N_SSL_KEY
        value: /etc/n8n-tls-secret/tls.key
      image: n8nio/n8n:0.233.1
      name: n8n
      ports:
      - containerPort: 443
      resources:
        requests:
          memory: "500Mi"
        limits:
          memory: "1000Mi"
      volumeMounts:
      - mountPath: /root/.n8n
        name: n8n-claim0
      # Mount point for the cert-manager secret (tls.crt / tls.key)
      - mountPath: /etc/n8n-tls-secret
        name: n8n-tls-secret
    restartPolicy: Always
    volumes:
    - name: n8n-tls-secret
      secret:
        secretName: n8n-tls-secret

What else needs to be added to the deployment.yaml to get the certificate updated to https://n8n.ttg-ecom.tools?

Hey @Shalini,

The config looks OK at first glance. Did you restart it after adding the cert and verify that the paths are correct for the container? If you are setting up n8n to handle SSL then n8n would need access to the certs in the container, so it could be that the path is not mounted correctly.

Are you sure you want n8n to handle the SSL as well? Normally this would be handled by your NLB or reverse proxy which makes the configuration a lot easier.

Added certificate using ingress, it's working fine now.
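
The setup the thread settles on, with TLS terminated at the Ingress and cert-manager issuing into `n8n-tls-secret`, sketched as an added example (not the poster's actual manifests). The host, Ingress name, issuer, secret name and image come from the output above; the `nginx` ingress class, the `n8n` Service and `app: n8n` labels, plain-HTTP port 5678 and the `WEBHOOK_URL` value are assumptions, and the `/root/.n8n` volume is left out for brevity.

```yaml
# Added example: TLS terminates at the Ingress, n8n itself serves plain HTTP.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: n8n-ingress
  namespace: n8n
  annotations:
    # ingress-shim creates the Certificate from this annotation plus spec.tls
    cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
  ingressClassName: nginx          # assumption: ingress-nginx is the controller
  tls:
    - hosts:
        - n8n.ttg-ecom.tools
      secretName: n8n-tls-secret   # cert-manager writes tls.crt / tls.key here
  rules:
    - host: n8n.ttg-ecom.tools
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: n8n          # assumption: Service in front of the n8n pod
                port:
                  number: 5678     # assumption: n8n's default HTTP port
---
# No N8N_SSL_CERT / N8N_SSL_KEY and no secret volume mount here: the private
# key stays with the ingress controller and never enters the application pod.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: n8n
  namespace: n8n
spec:
  selector:
    matchLabels: {app: n8n}        # assumption: label used by the Service
  template:
    metadata:
      labels: {app: n8n}
    spec:
      containers:
        - name: n8n
          image: n8nio/n8n:0.233.1
          ports:
            - containerPort: 5678
          env:
            - name: WEBHOOK_URL    # public URL, since n8n only sees HTTP
              value: https://n8n.ttg-ecom.tools/
```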
