My domain is: cdp.obdo.dev
I ran this command:
Install an RKE cluster behind a Load Balancer.
I install cert-manager 1.0.3:
kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v1.0.3/cert-manager.crds.yaml
helm install cert-manager jetstack/cert-manager --namespace cert-manager --version v1.0.3
kubectl -n cert-manager rollout status deploy/cert-manager
I install Rancher:
helm install rancher rancher-stable/rancher --namespace cattle-system --set hostname=cdp.obdo.dev --set ingress.tls.source=letsEncrypt --set letsEncrypt.email=<email>
The certificate is not issued; cert-manager expects a response, but the challenge shows another response depending on the IP on which it is resolved.
It produced this output:
E1020 09:41:34.245669 1 sync.go:183] cert-manager/controller/challenges "msg"="propagation check failed" "error"="did not get expected response when querying endpoint, expected \"UEJgSbJKKACGNq2NX1DK7R-l32tUAr9gsF5AkwdXM5w.XtUsdNKCseioTqRG85H2jizyozIIzOVqshkq223I_DM\" but got: UEJgSbJKKACGNq2NX1DK7R-l... (truncated)" "dnsName"="cdp.obdo.dev" "resource_kind"="Challenge" "resource_name"="tls-rancher-ingress-bcxgf-1464574410-2707586409" "resource_namespace"="cattle-system" "resource_version"="v1" "type"="HTTP-01"
This is the response of the challenge when I query an instance node behind the external Load Balancer directly:
curl -H 'Host: cdp.obdo.dev' http://146.59.197.177/.well-known/acme-challenge/UEJgSbJKKACGNq2NX1DK7R-l32tUAr9gsF5AkwdXM5w
UEJgSbJKKACGNq2NX1DK7R-l32tUAr9gsF5AkwdXM5w.XtUsdNKCseioTqRG85H2jizyozIIzOVqshkq223I_DM
This is the response of the challenge when I query through the Load Balancer IP (pointed to by the DNS):
curl -H 'Host: cdp.obdo.dev' http://51.91.60.230/.well-known/acme-challenge/UEJgSbJKKACGNq2NX1DK7R-l32tUAr9gsF5AkwdXM5w
UEJgSbJKKACGNq2NX1DK7R-l32tUAr9gsF5AkwdXM5w.4E3VCTFsySjUrqnCg0ooULx-3kbdPBygi0aWkvg5Gd8
The operating system my web server runs on is (include version): Ubuntu 20.08
My hosting provider, if applicable, is: OVH VPS for servers + OVH Load Balancer
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): cert-manager 1.0.3
I have already installed cert-manager many times without problems, but this is the first time on an OVH Load Balancer.
Any help would be appreciated!
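
As an added example (not part of the original post): the HTTP-01 body is a key authorization, `<token>.<account-key thumbprint>` per RFC 8555 section 8.1, so comparing the two halves separately shows whether an endpoint serves the wrong token or an answer built with a different ACME account key. The function names are illustrative, and the sample responses are the ones quoted in the post above.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are illustrative.
# RFC 8555 section 8.1: body = <token>.<base64url SHA-256 thumbprint of the
# ACME account key>. A different part after the dot means the answer was
# built with a different ACME account key than the one that was expected.

# Values quoted in the post: expected key authorization and the two responses.
EXPECTED='UEJgSbJKKACGNq2NX1DK7R-l32tUAr9gsF5AkwdXM5w.XtUsdNKCseioTqRG85H2jizyozIIzOVqshkq223I_DM'
NODE_BODY='UEJgSbJKKACGNq2NX1DK7R-l32tUAr9gsF5AkwdXM5w.XtUsdNKCseioTqRG85H2jizyozIIzOVqshkq223I_DM'
LB_BODY='UEJgSbJKKACGNq2NX1DK7R-l32tUAr9gsF5AkwdXM5w.4E3VCTFsySjUrqnCg0ooULx-3kbdPBygi0aWkvg5Gd8'

# Prints one of: match | wrong-account-key | wrong-token | malformed
# usage: classify_keyauth <expected> <got>
classify_keyauth() (
  expected=$1
  got=$(printf '%s' "$2" | tr -d '\r\n')   # ignore line endings in the body
  if [ "${got#*.}" = "$got" ]; then echo malformed            # no "." at all
  elif [ "${got%%.*}" != "${expected%%.*}" ]; then echo wrong-token
  elif [ "${got#*.}" != "${expected#*.}" ]; then echo wrong-account-key
  else echo match
  fi
)

# Live variant using the same curl form as the post; one result line per IP.
# Not called here, so the script runs offline.
# usage: check_live <host> <token> <expected> <ip>...
check_live() (
  host=$1 token=$2 expected=$3
  shift 3
  for ip in "$@"; do
    body=$(curl -sS --max-time 10 -H "Host: $host" \
      "http://$ip/.well-known/acme-challenge/$token") || body=''
    printf '%s\t%s\n' "$ip" "$(classify_keyauth "$expected" "$body")"
  done
)

# Offline run on the two responses captured in the post.
printf 'node\t%s\n' "$(classify_keyauth "$EXPECTED" "$NODE_BODY")"
printf 'lb\t%s\n' "$(classify_keyauth "$EXPECTED" "$LB_BODY")"
```

On the captured responses the node classifies as `match` and the Load Balancer as `wrong-account-key`: the token is identical and only the thumbprint half differs.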