I got a Flask app deployed on two K8s clusters on 2 sites, 1 cluster in each site. The app in site 1 is fronted by an ingress controller which is further fronted by Akamai GTM; I use Let's Encrypt for cert validation. When Let's Encrypt makes a request to the URL it looks for the well-known ACME challenge, finds the certificate and validates.
When the app bounces over to the second site, Let's Encrypt makes a request to the URL but finds a different IP associated with the URL, as expected, and thus the certificate validation fails. It's clear that the method is the HTTP-01 challenge here. I wanted to ask if the DNS-01 challenge would solve the blocker I am experiencing, of having the cert validation work even if the cluster bounces over to the second site.
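To make the difference between the two challenge types concrete, here is an added example (not code from the original post or from any Let's Encrypt client) that builds the HTTP-01 and DNS-01 challenge responses as RFC 8555 defines them and simulates the failover described above. The account key, token and domain names are constructed values, not real key material; the `simulate_failover` helper is a hypothetical stand-in for the CA's validation step.

```python
"""HTTP-01 vs DNS-01 challenge responses (RFC 8555 sections 8.3 and 8.4), with a
failover simulation. Example code, not from the original thread."""
import base64
import hashlib
import json

# RFC 7638: only these members enter the thumbprint, per key type.
_THUMBPRINT_MEMBERS = {
    "EC": ("crv", "kty", "x", "y"),
    "RSA": ("e", "kty", "n"),
    "OKP": ("crv", "kty", "x"),
}


def b64url(data: bytes) -> str:
    """Base64url without padding, the encoding ACME uses everywhere."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over canonical JSON of the required members only."""
    members = _THUMBPRINT_MEMBERS[jwk["kty"]]
    canonical = json.dumps({m: jwk[m] for m in members}, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, jwk: dict) -> str:
    """Key authorization string: <token>.<account key thumbprint>."""
    return f"{token}.{jwk_thumbprint(jwk)}"


def http01_response(domain: str, token: str, jwk: dict) -> tuple:
    """HTTP-01: the CA fetches this URL from whatever IP the domain resolves to right now,
    and the body must equal the key authorization."""
    return (f"http://{domain}/.well-known/acme-challenge/{token}", key_authorization(token, jwk))


def dns01_record(domain: str, token: str, jwk: dict) -> tuple:
    """DNS-01: TXT record at _acme-challenge.<domain> holding base64url(SHA-256(key auth)).
    The CA never contacts the origin, so which site currently serves traffic is irrelevant."""
    digest = hashlib.sha256(key_authorization(token, jwk).encode("ascii")).digest()
    return (f"_acme-challenge.{domain}", b64url(digest))


def dns01_validates(txt_records: list, expected_value: str) -> bool:
    """Mirror of the CA's check: any TXT record at the name equal to the expected value passes."""
    return expected_value in txt_records


# Constructed account key (not real key material) and constructed token.
ACCOUNT_JWK = {
    "kty": "EC",
    "crv": "P-256",
    "x": "f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU",
    "y": "x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0",
    "alg": "ES256",  # extra member, must NOT affect the thumbprint
}
TOKEN = "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"
DOMAIN = "app.example.com"


def simulate_failover(domain: str = DOMAIN, token: str = TOKEN, jwk: dict = ACCOUNT_JWK) -> dict:
    """Hypothetical model of the thread's setup: site 1 serves the HTTP-01 token, site 2 does not,
    and the GTM answer for the domain flips between them. DNS-01 depends only on the zone."""
    url, key_auth = http01_response(domain, token, jwk)
    txt_name, txt_value = dns01_record(domain, token, jwk)
    served_by_site = {"site1": {url: key_auth}, "site2": {}}  # only site 1 published the file
    zone_txt = {txt_name: [txt_value]}                        # one authoritative zone for both sites
    results = {}
    for site in ("site1", "site2"):
        results[site] = {
            "http01": served_by_site[site].get(url) == key_auth,
            "dns01": dns01_validates(zone_txt.get(txt_name, []), txt_value),
        }
    return results


if __name__ == "__main__":
    print(dns01_record(DOMAIN, TOKEN, ACCOUNT_JWK))
    print(simulate_failover())
```

The simulation reproduces the behaviour in the question: HTTP-01 succeeds only while the domain resolves to the site that published the token file, while DNS-01 succeeds on both sites because the TXT record lives in the zone rather than on either cluster. The same property is why the issued certificate still has to be copied to both clusters separately, as the first reply notes.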
The short answer is YES! The DNS challenge should solve the issue as long as you have a script or other method to distribute the certs as they are issued.
(I see Bruce is responding, let's hear what he has to say!)
I think the DNS-01 challenge would work,
if your DNS Name Service Provider allows the TXT record to be created and edited (ideally in a way that can be easily automated).
Thank you, yes I am using Akamai Edge DNS as the DNS name service provider. It has a plugin for certbot that creates TXT records, and a script to automatically renew.