How to set Certificates and SNIs in Kong DB-less

I try to set Certificates in Kong DB-less my kong.yml look like this.

_format_version: "1.1"

services:
- name: test
  url: http://httpbin.org
  routes:
  - name: test
    hosts:
    - hello.test

certificates:
- cert: "-----BEGIN CERTIFICATE-----..."
  key: "-----BEGIN PRIVATE KEY-----..."
  snis: ["hello.test"]

Error from Kong (docker-compose logs)

kong       | 2019/08/15 10:14:41 [error] 19#0: init_by_lua error: /usr/local/share/lua/5.1/kong/init.lua:382: error parsing declarative config file /kong.conf.d/kong.yml:
kong       | in 'certificates':
kong       |   - in entry 1 of 'certificates':
kong       |     in 'snis':
kong       |       - in entry 1 of 'snis': expected a record
kong       |   Run with --v (verbose) or --vv (debug) for more details

I change snis to

  snis: "hello.test"

The error is

kong       | in 'certificates':
kong       |   - in entry 1 of 'certificates':
kong       |     in 'snis': expected an array

Any suggestion ?.
Thank you.

I think that should be:

snis:
- hello.test
snis:
- hello.test

Same error as

snis: [“hello.test”]

I run Kong in Docker with kong:1.3rc1 and add certificates via API, then use

kong config db_export kong.yml

kong.yml look like this worked for me with kong 1.2.x

_format_version: '1.1'
services:
- name: test
  url: http://httpbin.org
  routes:
  - name: test
    hosts:
    - hello.test

certificates:
- cert: "-----BEGIN CERTIFICATE-----..."
  key: "-----BEGIN PRIVATE KEY-----..."
  snis:
  - name: hello.test

Thank you @bungle for quick response :slight_smile:

Great! Sorry my bad, I should have tested it out. I am glad you found the right way!


© 2018 Kong Inc.    Terms  •  Privacy  •  FAQ