Certificates Kubernetes
CertManager logging
kubectl logs -n cert-manager cert-manager-
get Issuers
kubectl get issuers.cert-manager.io -A
get CertificateRequests
kubectl get certificaterequest
see the state of the request
kubectl describe certificaterequest some-certificaterequest-name
check the Order
kubectl get order
kubectl describe order some-order-name
check Challenge
kubectl get challenge
kubectl describe challenge some-challenge-name
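The checks above (CertificateRequest, then Order, then Challenge) can be run in one pass. The script below is an added example, not part of the original notes or of cert-manager itself. The function names unhealthy and triage_acme are hypothetical, and it assumes that "Ready: True" (CertificateRequest) and state "valid" (Order, Challenge) are the healthy values and that reason messages fit on one line.

```shell
#!/bin/bash
# Added example (not from the original page): list every CertificateRequest,
# Order and Challenge in a namespace that has not reached its healthy state.

# unhealthy KIND NAMESPACE HEALTHY FIELDS  (hypothetical helper)
# FIELDS is a kubectl jsonpath fragment that yields "state<TAB>reason".
unhealthy() {
  local kind="$1" ns="$2" healthy="$3" fields="$4"
  kubectl get "$kind" -n "$ns" \
    -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}'"$fields"'{"\n"}{end}' |
    awk -F'\t' -v kind="$kind" -v ok="$healthy" '
      $1 != "" && $2 != ok {
        printf "%s/%s\t%s\t%s\n", kind, $1, ($2 == "" ? "unknown" : $2), $3
      }'
}

# triage_acme NAMESPACE  (hypothetical name)
# Prints one line per unhealthy object: kind/name, state, reason.
# Returns 0 when everything is healthy, 1 otherwise.
triage_acme() {
  local ns="$1" found
  # A CertificateRequest is healthy when its Ready condition is "True".
  local ready='{.status.conditions[?(@.type=="Ready")].status}{"\t"}{.status.conditions[?(@.type=="Ready")].message}'
  # Orders and Challenges carry the ACME state; "valid" is the healthy value.
  local state='{.status.state}{"\t"}{.status.reason}'
  found=$(
    unhealthy certificaterequest "$ns" True "$ready"
    unhealthy order "$ns" valid "$state"
    unhealthy challenge "$ns" valid "$state"
  )
  if [ -z "$found" ]; then
    return 0
  fi
  printf '%s\n' "$found"
  return 1
}

# Usage: triage_acme platform
```

Each line it prints names the object to pass to the matching kubectl describe command above.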
get certificate info
kubectl get secrets blaataap.com -n platform -o json | jq -r '.data["tls.crt"]' | base64 -d | openssl x509 -text
kubectl get certificate -n platform -o=jsonpath='{.items[0].status.renewalTime}'
curl --insecure -v https://blaataap.com:443 2>&1 | awk 'BEGIN { cert=0 } /^\* SSL connection/ { cert=1 } /^\*/ { if (cert) print }'
Kubernetes get certificate info
#!/bin/bash
# Save the full PEM bundle (leaf plus intermediates) from the TLS secret.
kubectl get secrets blaataap.com -n platform -o json | jq -r '.data["tls.crt"]' | base64 -d > output.crt
# Prefix every BEGIN line with ';' so the bundle can be split on IFS=';'.
COUNTER=1; OLDIFS=$IFS; IFS=';' blocks=$(sed -n '/-----BEGIN /,/-----END/ {/-----BEGIN / s/^/\;/; p}' output.crt);
for block in ${blocks#;}; do
  echo "certificate $COUNTER"
  # echo "$block" | openssl x509 -noout -subject -issuer -startdate -enddate -in - # OpenSSL 1
  echo "$block" | openssl x509 -noout -subject -issuer -startdate -enddate - # OpenSSL 3
  COUNTER=$((COUNTER +1))
done; IFS=$OLDIFS
Source:
https://raymii.org/s/tutorials/Bash_bits_split_a_file_in_blocks_and_do_something_with_each_block.html
https://cert-manager.io/docs/faq/acme/
https://cert-manager.io/docs/faq/troubleshooting/
https://www.thinktecture.com/en/kubernetes/ssl-certificates-with-cert-manager-in-kubernetes/