K8s Getting 404 while issuing certificate with cert-manager

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: argocd-new.k8s.begenuin.com

I followed this document: Securing NGINX-ingress - cert-manager Documentation

It produced this output: GET /.well-known/acme-challenge/OZDFw-TyWw92dE2MmD2X8vwl1dx9I9ZUjq2Rnh8ujao HTTP/1.1" 404 19 "http://argocd-new.k8s.begenuin.com/.well-known/acme-challenge/OZDFw-TyWw92dE2MmD2X8vwl1dx9I9ZUjq2Rnh8ujao" "cert-manager-challenges/v1.16.1 (linux/amd64) cert-manager/ff50c068fd1942419fcce05131d3200a7641cc50" 394 0.000 [cert-demo-kuard-80] 10.0.5.184:8080 19 0.001 404 e4cb0e02e7068bd155e2922bcbba529

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

I'm not sure how cert-manager works...
But I do find it strange that the failed challenge request is via HTTP, when it seems to redirect ALL challenge requests to HTTPS:

curl -Ii argocd-new.k8s.begenuin.com/.well-known/acme-challeng/Test_File-1234
HTTP/1.1 308 Permanent Redirect
Date: Mon, 21 Oct 2024 12:46:59 GMT
Content-Type: text/html
Content-Length: 164
Connection: keep-alive
Location: https://argocd-new.k8s.begenuin.com/.well-known/acme-challeng/Test_File-1234

So...
We should have a look at the complete nginx configuration, with:

nginx -T

2 Likes

Maybe all "offline" tests but not when they actually requested the cert. Cert-manager must set up something to "grab" the HTTP request, much like Certbot when using the --apache or --nginx plugin.

3 Likes

That is what I was thinking.
Which is why I'm wondering what the web server config looks like - that it is somehow messing with cert-manager.

2 Likes
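
An added example, not part of any post above: a small Python check that reads an ingress-nginx access-log line like the one in the first post and reports which upstream answered an ACME HTTP-01 request. It assumes the default ingress-nginx log layout (upstream name in square brackets, formed as namespace-service-port) and that cert-manager's solver Services carry the cm-acme-http-solver prefix; all sample lines are constructed.

```python
import re

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"
SOLVER_MARK = "cm-acme-http-solver"  # assumption: cert-manager solver Service prefix

# request line, status, bytes, referer, user agent, req length, req time, [upstream]
LINE = re.compile(
    r'(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3}) \d+ '
    r'"[^"]*" "[^"]*" \d+ [\d.]+ \[(?P<upstream>[^\]]*)\]')

def classify(line):
    """Return (verdict, upstream, status), or None if the line does not parse."""
    m = LINE.search(line)
    if m is None:
        return None
    upstream, status = m["upstream"], int(m["status"])
    if not m["path"].startswith(CHALLENGE_PREFIX):
        # e.g. a hand-typed probe whose path differs from the challenge path
        return ("not-challenge-path", upstream, status)
    if SOLVER_MARK in upstream:
        return ("solver-ok" if status == 200 else "solver-error", upstream, status)
    # The challenge URL was proxied to some other backend, which has no
    # token to serve; the temporary solver route did not win.
    return ("routed-to-app", upstream, status)

# Constructed samples modelled on the log line in the first post.
SAMPLE_APP = ('10.0.1.5 - - [21/Oct/2024:12:40:00 +0000] '
              '"GET /.well-known/acme-challenge/TOKEN-A HTTP/1.1" 404 19 "-" '
              '"cert-manager-challenges/v1.16.1 (linux/amd64)" 394 0.000 '
              '[cert-demo-kuard-80] 10.0.5.184:8080 19 0.001 404 req-1')
SAMPLE_SOLVER = ('10.0.1.5 - - [21/Oct/2024:12:41:00 +0000] '
                 '"GET /.well-known/acme-challenge/TOKEN-B HTTP/1.1" 200 87 "-" '
                 '"cert-manager-challenges/v1.16.1 (linux/amd64)" 394 0.000 '
                 '[cert-demo-cm-acme-http-solver-abcde-8089] [] '
                 '10.0.5.190:8089 87 0.001 200 req-2')
SAMPLE_PROBE = ('10.0.1.9 - - [21/Oct/2024:12:46:59 +0000] '
                '"HEAD /.well-known/acme-challeng/Test_File-1234 HTTP/1.1" 308 0 '
                '"-" "curl/8.0.0" 120 0.000 [cert-demo-kuard-80] [] - - - - req-3')

if __name__ == "__main__":
    for sample in (SAMPLE_APP, SAMPLE_SOLVER, SAMPLE_PROBE):
        print(classify(sample))
```

A "routed-to-app" verdict on the self-check request is the cue to compare the Ingress rules for the host (the application's rule against the temporary solver rule) before looking at anything else.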
