SOLVED What if I want to use existing CA certificate for Traefik ingress

KpuCko

Hi there,
I'm using Traefik as ingress for my apps in TrueNAS Scale. I see that by default a new self-signed certificate has been generated. Although I can use it and it does the job, I prefer to use my own CA and SSL certificates issued by it.

What is the correct way to achieve this?
I have checked some articles on the Internet and saw that there is a config variable which I can use to specify the default certificates to be used (https://doc.traefik.io/traefik/https/tls/#default-certificate), but in the GUI I don't see this as an option. Am I missing something?

I see Traefik also integrates with cert-manager, but I'm not sure cert-manager can use/import a custom CA.

Thanks in advance.
 

sretalla

At the moment, you can use the "legacy" method to provide the certificate from one imported into the SCALE system under Credentials | Certificates.

In the Ingress section of the app, you select the certificate to use after defining the host: select "Show Advanced Settings" and add a TLS settings item, then pick your imported certificate in "Use TrueNAS SCALE Certificate (Deprecated)".

That works for me now, but I expect you're supposed to be able to just import a certificate in the Clusterissuer "App" (not really an app) under the Certificate Authority Issuer... although now I'm reading that I'm doubting myself... but you can define a certificate and key in an item there, but it doesn't work, so maybe it's only for a CA, not for a cert in the end.

It would indeed be great if you could just do it like that and do away with messing around with all the crazy associated with changing your DNS to Cloudflare (which of course you can't for something like DuckDNS).
 

KpuCko

so maybe it's only for a CA, not for a cert in the end.

Sorry, do I get it right? You mean I'm able to import my CA into it, then use certissuer to issue new certificates based on that CA?
Is there an example tutorial on how to do that? Thanks
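
The cert-manager flow asked about above, as an added example that is not part of the original thread and is not TrueNAS or Traefik project code: cert-manager's CA issuer signs new certificates with a CA key pair stored in a Kubernetes secret, which must hold a CA certificate and its key, not a leaf certificate. It assumes plain cert-manager in its default `cert-manager` namespace; every name and hostname below (`my-ca-keypair`, `my-ca-issuer`, `app.example.lan`) is hypothetical, and the PEM bodies are placeholders.

```yaml
# Added example. All names are hypothetical; PEM contents are placeholders.
# 1) The CA certificate and private key, stored as a TLS secret.
apiVersion: v1
kind: Secret
metadata:
  name: my-ca-keypair
  # A ClusterIssuer reads its secret from cert-manager's own namespace
  # (assumed here to be the default, "cert-manager").
  namespace: cert-manager
type: kubernetes.io/tls
stringData:
  tls.crt: |
    -----BEGIN CERTIFICATE-----
    <PEM body of your CA certificate (placeholder)>
    -----END CERTIFICATE-----
  tls.key: |
    -----BEGIN PRIVATE KEY-----
    <PEM body of the CA private key (placeholder)>
    -----END PRIVATE KEY-----
---
# 2) A cluster-wide issuer that signs with that CA key pair.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: my-ca-issuer
spec:
  ca:
    secretName: my-ca-keypair
---
# 3) A leaf certificate request; cert-manager writes the signed
#    certificate and its key into the secret named in secretName.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: app-example-lan
  namespace: default
spec:
  secretName: app-example-lan-tls
  duration: 2160h      # 90 days
  renewBefore: 360h    # renew 15 days before expiry
  privateKey:
    algorithm: ECDSA
    size: 256
  usages:
    - server auth
  dnsNames:
    - app.example.lan
  issuerRef:
    name: my-ca-issuer
    kind: ClusterIssuer
    group: cert-manager.io
```

Because the CA private key then lives inside the cluster, an intermediate CA signed by an offline root limits what a compromise of that secret exposes. The ingress TLS section would reference the resulting `app-example-lan-tls` secret; how the TrueNAS SCALE GUI exposes that is not covered here.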
 