Question
404 letsencrypt challenge on VPS with kubernetes
- Posted on January 16, 2023
- Kubernetes
Asked by Chris2301
DNS side On my DNS management provider (directAdmin) I have 2 A records pointing to my droplet ip (www, example.com). In my browser I get the default DA page (something amazing will be constructed here). With curl I get my webpage when i go to http://example.com and a cert issue when I try the https. So far understandable for me because my letsencrypt status is false.
K3s side Here I have a single node k3s environment on a droplet. Traefik Ingress routes are succesfully tested on server using curl. However my https lets encrypt config does not work with the following config
The challenge fails with the following output:
Accepting challenge authorization failed: acme: authorization error for example.com: 403 urn:ietf:params:acme:error:unauthorized: 2a03:b0c0:2:d0::14bf:4001: Invalid response from https://example.com/.well-known/acme-challenge/q-5BZ4t4ucyE5gLiIrMQccmhzOlqnTbtxxyofOH9r7c: 404
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-staging
namespace: default
spec:
acme:
email: *****
privateKeySecretRef:
name: staging-issuer-account-key
server: https://acme-staging-v02.api.letsencrypt.org/directory
solvers:
- http01:
ingress:
ingressTemplate:
metadata:
annotations:
kubernetes.io/ingress.class: traefik
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: traefik-ingress
annotations:
#nginx.ingress.kubernetes.io/rewrite-target: /
kubernetes.io/ingress.class: "traefik"
cert-manager.io/cluster-issuer: letsencrypt-staging
spec:
tls:
- secretName: example-com
hosts:
- example.com
rules:
- host: "example.com"
http:
paths:
- pathType: Prefix
path: "/api/"
backend:
service:
name: example-backend
port:
number: 8080
- pathType: Prefix
path: "/"
backend:
service:
name: example-ui
port:
number: 80
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: example-com
namespace: default
spec:
secretName: example-tls
issuerRef:
name: letsencrypt-staging
kind: ClusterIssuer
commonName: example.com
dnsNames:
- example.com
I am relatively new to the ops side of developing and I do not know if more info is needed. Thanks in advance!
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Hollie's Hub for Good
Working on improving health and education, reducing inequality, and spurring economic growth? We’d like to help.
Get started for free
Enter your email to get $200 in credit for your first 60 days with DigitalOcean.
New accounts only. By submitting your email you agree to our Privacy Policy.
Hi @chris2301,
I’m not entirely sure as I’ve not had to deal that much with this, however you can edit your cert-manager deployment and add