Do not send empty certificates to nginx

internal/ingress/controller/nginx.go

@@ -994,6 +994,10 @@ func configureCertificates(pcfg *ingress.Configuration) error {
 	var servers []*ingress.Server
 
 	for _, server := range pcfg.Servers {
+		if server.SSLCert.PemCertKey == "" {
+			continue
+		}
+
 		servers = append(servers, &ingress.Server{
 			Hostname: server.Hostname,
 			SSLCert: ingress.SSLCert{
@@ -1001,8 +1005,7 @@ func configureCertificates(pcfg *ingress.Configuration) error {
 			},
 		})
 
-		if server.Alias != "" && server.SSLCert.PemCertKey != "" &&
+		if server.Alias != "" && ssl.IsValidHostname(server.Alias, server.SSLCert.CN) {
-			ssl.IsValidHostname(server.Alias, server.SSLCert.CN) {
 			servers = append(servers, &ingress.Server{
 				Hostname: server.Alias,
 				SSLCert: ingress.SSLCert{
@@ -1014,6 +1017,10 @@ func configureCertificates(pcfg *ingress.Configuration) error {
 
 	redirects := buildRedirects(pcfg.Servers)
 	for _, redirect := range redirects {
+		if redirect.SSLCert.PemCertKey == "" {
+			continue
+		}
+
 		servers = append(servers, &ingress.Server{
 			Hostname: redirect.From,
 			SSLCert: ingress.SSLCert{

internal/ingress/sslcert.go

@@ -43,7 +43,7 @@ type SSLCert struct {
 	// ExpiresTime contains the expiration of this SSL certificate in timestamp format
 	ExpireTime time.Time `json:"expires"`
 	// Pem encoded certificate and key concatenated
-	PemCertKey string `json:"pemCertKey"`
+	PemCertKey string `json:"pemCertKey,omitempty"`
 }
 
 // GetObjectKind implements the ObjectKind interface as a noop