You should get your ingress working (i.e. accessible from wherever you want access) before attempting to acquire a certificate (and before installing cert-manager at all for that matter). Typically a load balancer is provisioned during the ingress-nginx deployment process with an IP address that is connected one step further up in your network toward your public ingress point (e.g. a private IP address with a route from your corporate firewall or an Azure public IP address). That load balancer connects to your ingress-nginx replica instances (usually two, sometimes more depending upon your needs). There are many online examples of how to configure this (though I'm unsure of the exact addresses at the moment). They typically involve passing a yaml file to the ingress-nginx installer (via helm) that contains a configuration specifying the IP address of the load balancer to be deployed.
3 Likes