I have created a staging environment with cert-manager as the following:
---
apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
  name: letsencrypt-staging
spec:
  acme:
    email: stage@example.io
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: privateKeySecretRef
    solvers:
    - dns01:
        digitalocean:
          tokenSecretRef:
            name: digitalocean-dns
            key: access-token
      selector:
        dnsNames:
        - "*.dev.svc.databaker.io"
        - "*.stage.svc.databaker.io"
---
and have created a certificate for the wildcard domain *.dev.svc.databaker.io:
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
  name: dev-cert-staging
  namespace: dev
spec:
  secretName: secretName
  issuerRef:
    name: letsencrypt-staging
    kind: ClusterIssuer
  commonName: "*.dev.svc.databaker.io"
  dnsNames:
  - "*.dev.svc.databaker.io"
at the end, an ingress object:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-staging
    kubernetes.io/ingress.class: nginx
    kubernetes.io/tls-acme: "true"
  name: dashboard
  namespace: dev
spec:
  rules:
  - host: dashboard.dev.svc.databaker.io
    http:
      paths:
      - backend:
          serviceName: dashboard
          servicePort: 80
        path: /
  tls:
  - hosts:
    - '*.dev.svc.databaker.io'
    secretName: secretName
When I call the page https://dashboard.dev.svc.databaker.io/, it shows me:
The question is whether it is right that it shows an invalid certificate?
It's right, staging is for testing certificate creation and has a very high limit on certificate issues.
Use production cert-issuer for even your dev environments but it's limited so make sure you're not spamming certs.
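The switch this answer describes, as an added example that is not part of the original answer: a production ClusterIssuer mirroring the staging one from the question, and the Certificate pointed at it. The names `letsencrypt-prod`, `letsencrypt-prod-account-key`, `dev-cert-prod` and `dev-wildcard-tls` are assumptions; the server URL is Let's Encrypt's production ACME v2 directory.

```yaml
# Added example, not from the original post. Names marked "assumed" are illustrative.
---
apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod                   # assumed name
spec:
  acme:
    email: stage@example.io
    # Production directory: issued certificates chain to a publicly trusted root,
    # unlike the staging directory, whose chain browsers do not trust.
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      # Account key kept apart from the staging one; staging and production
      # hold separate ACME accounts.
      name: letsencrypt-prod-account-key   # assumed name
    solvers:
    - dns01:
        digitalocean:
          tokenSecretRef:
            name: digitalocean-dns
            key: access-token
      selector:
        dnsNames:
        - "*.dev.svc.databaker.io"
        - "*.stage.svc.databaker.io"
---
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
  name: dev-cert-prod                      # assumed name
  namespace: dev
spec:
  # New secret name so the staging-issued certificate is not served by mistake.
  secretName: dev-wildcard-tls             # assumed name
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer
  commonName: "*.dev.svc.databaker.io"
  dnsNames:
  - "*.dev.svc.databaker.io"
```

The Ingress would then reference `dev-wildcard-tls` in its `tls` entry's `secretName` and `letsencrypt-prod` in its `cert-manager.io/cluster-issuer` annotation. A single wildcard Certificate covers every host under `dev.svc.databaker.io`, which keeps the number of production issuance requests low.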