How to keep Nodebalancer certificate up-to-date

I am using a Linode NodeBalancer created via Ingress Nginx. To receive a real Client IP I am considering switching from TCP to HTTPS protocol, which requires SSL Certificate and Private Key. As far as I understand it should be issued by public authority, like Let's Encrypt. At the same time, such certificates typically are issued for 3 months. Is there any easy way to auto-renew certificates in NodeBalancer configuration? Ideally Terraform-based solution.

Note. Please do not offer TCP and proxy protocol, it does not work with Kubernetes internal communication properly.

1 Reply

You should be able to use cert-manager–which uses CustomResourceDefinitions to configure and request certificates–to set this up. We have a guide to help with that:

Based on this part here, this sounds like it could have everything you need:

This guide will use an example Kubernetes Deployment and Service to demonstrate how to route external traffic to a Kubernetes application over HTTPS. This is accomplished using the NGINX Ingress Controller, cert-manager and Linode NodeBalancers.

As I understand it, cert-manager can be configured in a variety of ways, and I'm not sure if there is a default behavior for auto-renewal, but you should be able to set the renewBefore: value in the yaml to what you need. This isn't something I've done before so you may need to play around a bit to get everything working. You can read more about renewal triggers in their documentation:

I'm not sure if this helps, but I found a Terraform Module for cert-manager.

I hope something here gets you moving in the right direction.


Please enter an answer

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct