TLS certificates are vital in today's internet application landscape.
They provide applications with:
- A better SEO ranking
Each environment is provided with a default domain and certificate automatically.
# Non Production ENV.PROJECT.CLUSTER.skpr.dev # Production ENV.PROJECT.CLUSTER.skpr.live
Configuring an environment
As extra routes are added to the application, additional certificates are generated in the background and applied to the environment.
ingress: routes: - example.com - www.example.com
Validating a Certificate
Certificates are validated with DNS to provide low friction when provisioning environments.
To check the status of a certificate, run the following command.
$ skpr info dev ...... Certificates: -------------------------- Status: ISSUED Name: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.example.com. Type: CNAME Value: yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy.yyyyyyyyyy.acm-validations.aws. Status: ISSUED Name: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.www.example.com. Type: CNAME Value: yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy.yyyyyyyyyy.acm-validations.aws.
Customers are required to add DNS entries for validation.
Certificates are managed by AWS Certificate Manager
Certificates are automatically provisioned by the Operator Project as new domains are added to an environment.
The operator has 2 roles.
Certificate- Manages provisioning and lifecycle of
Desired - The certificate which we want to be provisioned (can be the same as the active certificate).
- Active - Current certificate which is being provided to CloudFront.
- Old - Issued certificates which are not currently required.