getting 404 not found from nginx , Fake cerificate is loading after installing SSL certs

rajendar talatam 1 Reputation point
2022-03-22T07:28:41.163+00:00

we are using aks k8s for our application we have installed ssl certs as secrets .we have ngnix-ingress in separate name space . once I applied certificates , I am getting 404 Not Found from nginx, from nginx side I verified everything , controller reloaded with new configarations . but I am not getting home page , any Idea on this issue Ref link posted .with curl I am able to get proper certificate installed
https://learn.microsoft.com/en-us/azure/aks/ingress-own-tls?tabs=azure-cli
curl -v -k --resolve azx-devops-monitoring.aaa.com:443:10.11.6.100 https://azx-devops-monitoring.aaa.com

but with browser once I tried I am getting 404 not found and the certificate also nginx fake certificate . url i tried

https://azx-devops-monitoring.aaa.com
https://10.11.6.100

Azure Kubernetes Service (AKS)
Azure Kubernetes Service (AKS)
An Azure service that provides serverless Kubernetes, an integrated continuous integration and continuous delivery experience, and enterprise-grade security and governance.
1,871 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. risolis 8,701 Reputation points
    2023-03-23T05:20:54.1833333+00:00

    Hello @rajendar talatam

    Thank you for posting this concern on this community space.

    I was reading your case scenario description and I would like to gather you few points below:

    1-If I try to resolve your URL given "azx-devops-monitoring.aaa.com" on the browser, I get the following:

    DNS_PROBE_FINISHED_NXDOMAIN

    Which means non-existent-domain message

    2-I wonder if you set up a static or dynamic PIP (Public IP) for this domain so, please state this detail if possible

    3-If you are using a custom domain, well you are required to add an A record to your DNS zone but if not, you can configure the FQDN.

    4-Furthermore, you need to update your ingress routes to point out either to your custom domain or FQDN

    5-Moreover, I tried to query your existing domain and I get to the same point...

    C:\WINDOWS\system32>nslookup -q=soa azx-devops-monitoring.aaa.com

    Server: one.one.one.one

    Address: 1.1.1.1

    **** one.one.one.one can't find azx-devops-monitoring.aaa.com: Non-existent domain*

    C:\WINDOWS\system32>

    6-Finally, I did not understand very well when you were mentioning that you are using a fake certificate... I tend to believe that it is Self-signed certificate but otherwise, I would think that it is CA certificate...

    I hope that can be useful for you.

    Looking forward to your feedback,

    Cheers,

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.