I am using the Nginx Ingress controller (internal Ingress) and the cert-manager 0.15.1 Helm charts. Kubernetes version: 1.14.x

My certificate status is not changing to True. I have tried both challenge types, DNS01 and HTTP01. It's the same. Error:

Attaching screenshots: [![Kubernetes Ingress Controller Fake Certificate][1]][1]

cluster-issuer.yaml

```yaml
apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
  name: letsencrypt-staging
  namespace: cert-manager
spec:
  acme:
    # The ACME server URL
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    # Email address used for ACME registration
    email: <email>
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-staging
    # Enable the HTTP-01 challenge provider
    solvers:
    - http01:
        ingress:
          class: nginx
```

Ingress.yaml

```yaml
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-devtools-ilb-https
  namespace: <>
  annotations:
    kubernetes.io/ingress.allow-http: "false"
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    cert-manager.io/issuer: "letsencrypt-staging"
spec:
  tls:
  - hosts:
    - domain.com
    secretName: create-new-secret
  rules:
  - host: domain.com
    http:
      paths:
      - path: "/"
        backend:
          serviceName: hello-service
          servicePort: hello-port
      - path: "/kube"
        backend:
          serviceName: hello-kubernetes
          servicePort: 80
```

`kubectl describe certificate create-new-secret`

```
Name:         create-new-secret
Namespace:
Labels:       <none>
Annotations:  <none>
API Version:  cert-manager.io/v1alpha2
Kind:         Certificate
Metadata:
  Creation Timestamp:  2020-07-19T13:30:01Z
  Generation:          1
  Owner References:
    API Version:           extensions/v1beta1
    Block Owner Deletion:  true
    Controller:            true
    Kind:                  Ingress
    Name:                  <ingress-name>
    UID:                   f0b74bb6-c903-11ea-9960-4201ac100008
  Resource Version:        521536
  Self Link:               /apis/cert-manager.io/v1alpha2/namespaces/<namesapce>/certificates/create-new-secret
  UID:                     f2b63e87-c9c3-11ea-bb3e-4201ac100004
Spec:
  Dns Names:
    domain.com
  Issuer Ref:
    Group:      cert-manager.io
    Kind:       Issuer
    Name:       letsencrypt-staging
  Secret Name:  create-new-secret
Status:
  Conditions:
    Last Transition Time:  2020-07-19T13:30:02Z
    Message:               Waiting for CertificateRequest "create-new-secret-2447513806" to complete
    Reason:                InProgress
    Status:                False
    Type:                  Ready
Events:
  Type    Reason        Age   From          Message
  ----    ------        ----  ----          -------
  Normal  GeneratedKey  3m8s  cert-manager  Generated a new private key
  Normal  Requested     3m8s  cert-manager  Created new CertificateRequest resource "create-new-secret-2447513806"
```

Please help me in resolving this.

I am able to resolve this with the help of DNS01:

```yaml
---
apiVersion: cert-manager.io/v1alpha2
kind: Issuer
metadata:
  name: cert-issuer
  namespace: <>
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email:
    privateKeySecretRef:
      name: dns-prod-issuer
    solvers:
    - selector: {}
      dns01:
        clouddns:
          project: GCP_project_ID
          serviceAccountSecretRef:
            name: clouddns-dns01-solver-svc-acct
            key: key.json
---
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
  name: cert
  namespace: <>
spec:
  secretName: cert-secret
  issuerRef:
    name: cert-issuer
    kind: Issuer
  dnsNames:
  - host.domain.com
  - www.host.domain.com
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress-https
  namespace: <>
  annotations:
    kubernetes.io/ingress.allow-http: "false"
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
  rules:
  - host: host.domain.com
    http:
      paths:
      - path: "/"
        backend:
          serviceName:
          servicePort:
  tls:
  - hosts:
    - host.domain.com
    secretName: cert-secret
```
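
An added example, not part of the original posts: a small lint that resolves every issuer reference in a set of manifests, since cert-manager maps the `cert-manager.io/issuer` annotation to a namespaced Issuer and `cert-manager.io/cluster-issuer` to a ClusterIssuer, and the question's Certificate shows `Issuer Ref: Kind: Issuer` next to a ClusterIssuer. The manifests are trimmed, constructed copies of the thread's resources written as Python dicts; the namespace `devtools` and all function names are assumptions.

```python
# Added example. Manifests are trimmed, constructed copies of the thread's
# resources; the namespace "devtools" is a placeholder for the redacted "<>".
ANNOTATION_KIND = {"cert-manager.io/issuer": "Issuer",
                   "cert-manager.io/cluster-issuer": "ClusterIssuer"}

def issuer_refs(m):
    """Yield (kind, name) for each issuer reference in an Ingress or Certificate."""
    if m["kind"] == "Ingress":
        for key, value in m["metadata"].get("annotations", {}).items():
            if key in ANNOTATION_KIND:
                yield ANNOTATION_KIND[key], value
    elif m["kind"] == "Certificate":
        ref = m["spec"]["issuerRef"]
        yield ref.get("kind", "Issuer"), ref["name"]  # kind defaults to Issuer

def lint(manifests):
    """Return one message per issuer reference that resolves to nothing."""
    # Issuers are namespaced; ClusterIssuers are cluster-scoped (namespace None).
    issuers = {(m["kind"],
                None if m["kind"] == "ClusterIssuer" else m["metadata"].get("namespace", "default"),
                m["metadata"]["name"])
               for m in manifests if m["kind"] in ("Issuer", "ClusterIssuer")}
    problems = []
    for m in manifests:
        ns = m["metadata"].get("namespace", "default")
        for kind, name in issuer_refs(m):
            scope = None if kind == "ClusterIssuer" else ns
            if (kind, scope, name) in issuers:
                continue
            other = "Issuer" if kind == "ClusterIssuer" else "ClusterIssuer"
            hint = (f"; a {other} named {name} exists"
                    if any(k == other and n == name for k, _, n in issuers) else "")
            problems.append(f"{m['kind']}/{m['metadata']['name']}: no {kind} {name!r}{hint}")
    return problems

QUESTION = [
    {"kind": "ClusterIssuer", "metadata": {"name": "letsencrypt-staging"}},
    {"kind": "Ingress", "metadata": {
        "name": "ingress-devtools-ilb-https", "namespace": "devtools",
        "annotations": {"cert-manager.io/issuer": "letsencrypt-staging"}}},
]
ANSWER = [
    {"kind": "Issuer", "metadata": {"name": "cert-issuer", "namespace": "devtools"}},
    {"kind": "Certificate", "metadata": {"name": "cert", "namespace": "devtools"},
     "spec": {"issuerRef": {"name": "cert-issuer", "kind": "Issuer"}}},
]

if __name__ == "__main__":
    for label, docs in (("question", QUESTION), ("answer", ANSWER)):
        print(label, lint(docs) or "all issuer references resolve")
```

On a live cluster the same mismatch appears in the events of `kubectl describe certificaterequest <name>` as a reference to an issuer that cannot be found.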