Error: Your connection is not private

If you're getting a TLS error for a service that uses kube-lego, try deleting the TLS secret so that kube-lego generates a new one.

Question

We’re using kube-lego together with the standard nginx ingress controller for Kubernetes. The site was working fine with TLS, but after we changed the hostname and redeployed, we started getting the following error.

TLS Privacy Error

Answer

This may be caused by a stale kube-lego secret, which is used to store the Let’s Encrypt certificates. If the secret was previously created with a different hostname, kube-lego doesn’t seem to realize that it should regenerate it, so the ingress keeps serving a certificate issued for the old hostname. Try deleting the secret containing the TLS certificates for your service. After this, kube-lego should automatically regenerate the certificates. Worst case, redeploy your service after deleting the secret.

Note

If the service was deployed as part of a Helm chart, then deleting the release will not be sufficient to delete the kube-lego secret. This is because the secret is not created by the Helm chart, but by kube-lego. Manually delete the TLS secret containing the kube-lego certificates for your service.
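
One way to confirm that the secret is stale before deleting it, as an added example that is not part of the original page: the script reads `tls.crt` from the secret and checks whether the certificate covers the new hostname. The function names are hypothetical, and the namespace, secret name and hostname are supplied by the caller; it assumes `kubectl` and `openssl` are installed and that the secret is a standard TLS secret with a `tls.crt` key.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.
# Assumes kubectl and openssl are installed and the secret holds a tls.crt key.

# cert_covers_host PEM_FILE HOSTNAME
# Returns 0 when the certificate is valid for HOSTNAME (SAN match, wildcards
# included), 1 otherwise.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>&1 |
        grep -q "does match certificate"
}

# cert_names PEM_FILE: print the certificate's DNS subjectAltNames, one per line.
cert_names() {
    openssl x509 -in "$1" -noout -text | grep -o 'DNS:[^, ]*' | sed 's/^DNS://'
}

# check_secret NAMESPACE SECRET HOSTNAME
# Returns 0 if the secret's certificate covers HOSTNAME, 1 if it is stale,
# 2 if tls.crt could not be read.
check_secret() {
    ns=$1; secret=$2; host=$3
    pem=$(mktemp) || return 2
    kubectl get secret "$secret" -n "$ns" -o 'jsonpath={.data.tls\.crt}' |
        base64 --decode > "$pem"
    if [ ! -s "$pem" ]; then
        echo "could not read tls.crt from secret $ns/$secret" >&2
        rm -f "$pem"
        return 2
    fi
    if cert_covers_host "$pem" "$host"; then
        echo "OK: secret $ns/$secret already covers $host"
        rc=0
    else
        echo "STALE: secret $ns/$secret was issued for: $(cert_names "$pem" | tr '\n' ' ')"
        echo "to let kube-lego reissue it: kubectl delete secret $secret -n $ns"
        rc=1
    fi
    rm -f "$pem"
    return $rc
}

# Runs only when three arguments are given: NAMESPACE SECRET HOSTNAME
if [ "$#" -eq 3 ]; then check_secret "$@"; fi
```

The secret name to pass is the `secretName` listed under `spec.tls` in the Ingress for the service.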

Other Considerations

Troubleshooting Resources