I’m trying to configure public networking with a certificate signed by letsencrypt, using cert-manager. But the certificate is required to have a number of local SANs, which letsencrypt won’t allow (error: Domain name does not end with a valid public suffix (TLD)). What’s the process for generating a TLS certificate signed by a trusted CA with both public and local DNS names?
I’m also trying to figure out how the operatorSecret fits into this. My understanding is the server certificate should descend from this operator CA certificate. But how can I have a trusted CA sign my public server certificate if I need my own self-signed CA certificate?
Also, cert-manager saves certificates in the TLS secret format, with certificate named tls.crt and private key named tls.key. What’s the best way to handle passing this secret to Couchbase, which expects the certificate to be named chain.pem and private key