Reputation: 6699
Digital Ocean Kubernetes Let's Encrypt Waiting for HTTP-01 challenge propagation: failed to perform self check
I have been trying to deploy a Kubernetes cluster in Digital Ocean. Everything seems to work except when I try to apply the tls certificates. I have been following these steps, but with Nginx Ingress Controller v1.0.0 and cert-manager v1.5.0.
I have two urls, let's say api.example.com and www.example.com
Checking the challenge I saw Waiting for HTTP-01 challenge propagation: failed to perform self check GET request...
I tried adding the following annotations to the ingress:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/rewrite-target: /
cert-manager.io/cluster-issuer: "letsencrypt-prod"
Or using this service as a workaround:
kind: Service
apiVersion: v1
metadata:
name: ingress-nginx
namespace: ingress-nginx
annotations:
service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "true"
service.beta.kubernetes.io/do-loadbalancer-hostname: "www.example.com"
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
spec:
#CHANGE/ADD THIS
externalTrafficPolicy: Cluster
type: LoadBalancer
selector:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
ports:
- name: http
port: 80
targetPort: http
- name: https
port: 443
targetPort: https
If I go to the URL challenge I am able to see the hash, but I am stuck, I am not sure why it is failing or the steps to solve this.
Upvotes: 1
Views: 1353
Answers (1)
Reputation: 5277
As agusgambina has mentioned in the comment, problem is solved:
I was able to make this work, first I need to get the load balancer id executing
k describe svc ingress-nginx-controller --namespace=ingress-nginxand then pasting in the annotationkubernetes.digitalocean.com/load-balancer-id: “xxxx-xxxx-xxxx-xxxx-xxxxx”thanks for your comments, it helped me to solve the issue.
This problem described also here and there is also a tutorial
How to Set Up an Nginx Ingress with Cert-Manager on DigitalOcean Kubernetes.
Upvotes: 2
Related Questions
- Can't complete HTTP challenge for letsencrypt on Kubernetes
- CertManager Letsencrypt CertificateRequest "failed to perform self check GET request"
- Kubernetes Cert-manager issue in Baremetal: Waiting for HTTP-01 challenge propagation: wrong status code '403', expected '200'
- Waiting for HTTP-01 challenge propagation: failed to perform self check GET request
- Kubernetes cert-manager certificate is created but can not get vertified
- Error using Let's Encrypt in Ingress:Issuing certificate as Secret does not exist using
- Waiting for HTTP-01 challenge propagation: failed to perform self check GET request - ISTIO
- kubernetes certmanager letsencrypt giving error "Your connection is not private"
- Let's encrypt on GKE with Cert-manager : Invalid certificate
- Kubernetes cert-manager certificate generating error