7

I currently have a Kubernetes cluster running on GCP. In this cluster I have a working NGINX Ingress, but now I'm trying to add a certificate to this by using cert-manager.

Everything works fine except the ACME challenge. When I do a `kubectl describe challenge` I get the following:

```
Status:
  Presented:   true
  Processing:  true
  Reason:      Waiting for HTTP-01 challenge propagation: failed to perform self check GET request
```

When the ACME challenge creates a solver service I get the following error message on GCP:

"All hosts are taken by other resources"

[Image: the error I'm getting in Google Cloud]

I have tried to create an Issuer and a ClusterIssuer but the same problem keeps popping up.

Modx
  • After testing a bit I have figured out that when you delete the Ingress that is currently running, the `acme challenge` does proceed and gets validated. After that I recreated the Ingress and everything seemed to work just fine. This however is not best practice. Still looking for a valid solution. – Modx Dec 02 '20 at 08:41

1 Answer

12

After trying to solve the issues and browsing the web, I have figured out the solution. It is possible to add the following annotation:

```yaml
annotations:
  acme.cert-manager.io/http01-edit-in-place: "true"
```

After adding this line to my Ingress resource everything seemed to work perfectly. When this annotation is not passed in, cert-manager will create an extra Ingress for the ACME challenge.

See: Cert-manager, using an Ingress

Modx
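For context, a complete Ingress manifest showing where the annotation from the answer sits, as an added example that is not part of the original post. The resource name, namespace, host, Secret name, ClusterIssuer name and the `nginx` IngressClass are placeholder assumptions.

```yaml
# Added example: every name below is a placeholder, not taken from the post.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-app                  # placeholder
  namespace: default                 # placeholder
  annotations:
    # Tells cert-manager which issuer should request the certificate.
    # Use cert-manager.io/issuer instead for a namespaced Issuer.
    cert-manager.io/cluster-issuer: letsencrypt-prod   # placeholder issuer name
    # Annotation from the answer: cert-manager adds the HTTP-01 challenge
    # path to THIS Ingress instead of creating a separate solver Ingress
    # for the same host.
    acme.cert-manager.io/http01-edit-in-place: "true"
spec:
  ingressClassName: nginx            # assumes an IngressClass named "nginx"
  tls:
    - hosts:
        - app.example.com            # placeholder host
      # cert-manager stores the issued certificate and key in this Secret.
      secretName: example-app-tls    # placeholder
  rules:
    - host: app.example.com          # must match the tls host above
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: example-app    # placeholder backend Service
                port:
                  number: 80
```

After applying it, `kubectl describe challenge` (the command used in the question) shows whether the self check now passes.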