Certificate creation failed: 403 error for apinext.healthfirst.com

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: apinext.healthfirst.com

I applied the following code in kubectl:

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: mycert
  namespace: mynamespace
spec:
  secretName: mysecrete
  issuerRef:
    name: le-issuer
    kind: ClusterIssuer
  commonName: apinext.healthfirst.com
  dnsNames:
  - apinext.healthfirst.com

Port 80 is working just fine.
It produced this output:

Accepting challenge authorization failed: acme: authorization error for apinext.healthfirst.com: 403 urn:ietf:params:acme:error:unauthorized: 13.86.253.179: Invalid response from https://apinext.healthfirst.com/.well-known/acme-challenge/HblsIapof36toVr6lMDIEZRZ4Gp8EuXotzMAaJF39JQ:

My web server is (include version): kubernetes

The operating system my web server runs on is (include version): ubuntu

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): cert-manager

1 Like

Hi @vairakkumaar.svs, and welcome to the LE community forum 🙂

Is this your first time using cert-manager?
Have you reviewed?:

4 Likes

https://www.ssllabs.com/ssltest/analyze.html?d=apinext.healthfirst.com

https://cryptcheck.fr/https/apinext.healthfirst.com

Are you sure https://apinext.healthfirst.com/.well-known/acme-challenge/HblsIapof36toVr6lMDIEZRZ4Gp8EuXotzMAaJF39JQ: is offering content?

Also Certificate Transparency logs show that you have received LE Certificates in the past.

2 Likes

What makes you believe that, any evidence?
Using this Redirect Checker | Check your Statuscode 301 vs 302
I see this:

2 Likes

The site is generating cert through cert-manager. The acme container responds for the wellknown challenge.
It looks like a config issue. Will investigate further.

I have been using cert-manager before. I am setting up a new environment and having this challenge.
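
An added example, not part of any post in this thread and not cert-manager code: a small Python check of whether the response served at the challenge URL is a well-formed HTTP-01 key authorization as RFC 8555 section 8.3 defines it, which is the question raised above about whether the URL is "offering content". The function names are assumptions made for illustration; the token in the usage line is the one from the error message in the first post.

```python
import re
import urllib.error
import urllib.request

# Unpadded base64url of a SHA-256 JWK thumbprint is always 43 characters.
_THUMBPRINT = re.compile(r"^[A-Za-z0-9_-]{43}$")


def check_http01_body(token, status, body):
    """Classify one response from /.well-known/acme-challenge/<token>.

    Returns (ok, reason). The expected body is "<token>.<thumbprint>".
    """
    if status != 200:
        return False, f"status {status}: the validator needs a 200 response"
    text = body.strip()  # surrounding whitespace is ignored here
    if text.startswith("<"):
        return False, "HTML returned: the request reached the app, not the solver"
    prefix, _, thumbprint = text.partition(".")
    if prefix != token:
        return False, "body does not start with the requested token"
    if not _THUMBPRINT.match(thumbprint):
        return False, "thumbprint part is not 43 base64url characters"
    return True, "well-formed key authorization"


def fetch_challenge(domain, token, timeout=10):
    """Fetch the challenge URL from port 80, following redirects.

    Returns (final_url, status, first 512 characters of the body).
    """
    url = f"http://{domain}/.well-known/acme-challenge/{token}"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.url, resp.status, resp.read(512).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        # 4xx/5xx responses still carry a final URL and a body worth inspecting.
        return err.url, err.code, err.read(512).decode("utf-8", "replace")


if __name__ == "__main__":
    # Token copied from the error message in the first post.
    tok = "HblsIapof36toVr6lMDIEZRZ4Gp8EuXotzMAaJF39JQ"
    final_url, status, body = fetch_challenge("apinext.healthfirst.com", tok)
    print(final_url, check_http01_body(tok, status, body))
```

Run it while the cert-manager Challenge resource is still pending, since the solver only serves the token during that window. A final URL that differs from the `http://` one shows that a redirect was followed before the response was judged.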