Open lmineiro opened 6 years ago
When senza looks up SSL certificates for the LB listeners is picks the first one that matches the domain name.
This can return a certificate that is not valid.
The list of eligible certificates should only include valid certificates and, ideally, sort them like we did for https://github.com/zalando-incubator/kube-ingress-aws-controller/blob/master/certs/matching.go#L21
When senza looks up SSL certificates for the LB listeners is picks the first one that matches the domain name.
This can return a certificate that is not valid.
The list of eligible certificates should only include valid certificates and, ideally, sort them like we did for https://github.com/zalando-incubator/kube-ingress-aws-controller/blob/master/certs/matching.go#L21