From 0f436f92485fd243cdcd8dbe1133fd96ddca74ea Mon Sep 17 00:00:00 2001 From: Zhimin Xiang Date: Mon, 12 Oct 2020 05:46:16 -0700 Subject: [PATCH] Explicitly point out not installing ns-cert component for http01 challenge (#2890) * explicitly point out not installing ns-cert component for http01 challenge * fix format * address comments --- docs/serving/using-auto-tls.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/docs/serving/using-auto-tls.md b/docs/serving/using-auto-tls.md index 26908890a..aa2fc2dca 100644 --- a/docs/serving/using-auto-tls.md +++ b/docs/serving/using-auto-tls.md @@ -31,7 +31,8 @@ Knative supports the following Auto TLS modes: - In this type, your cluster does not need to be able to talk to your DNS server. You just need to map your domain to the IP of the cluser ingress. - - When using HTTP-01 challenge, **a certificate will be provisioned per Knative Service.** Certificate provision per namespace is not supported when using HTTP-01 challenge. + - When using HTTP-01 challenge, **a certificate will be provisioned per Knative Service.** + - **HTTP-01 does not support provisioning a certificate per namespace.** ## Before you begin @@ -154,6 +155,9 @@ and which DNS provider validates those requests. If you choose to use the mode of provisioning certificate per namespace, you need to install `networking-ns-cert` components. +**IMPORTANT:** Provisioning a certificate per namespace only works with DNS-01 + challenge. This component cannot be used with HTTP-01 challenge. + 1. Determine if `networking-ns-cert` deployment is already installed by running the following command: