Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: lab.k5s.xyz
I have setup a K8S cluster in private data center, and installed Nginx Ingress Controller with host network and Cert-Manger.
I have a public domain lab.k5s.xyz, due to there is no public in data center, so I add a A record in DNS *.lab.k5s.xyz point to the private IP of the node which Nginx Ingress Controller pod running.
I have tried to use http-0, but i got the error “Accepting challenge authorization failed: acme: authorization error for demo.lab.k5s.xyz: 400 urn:ietf:params:acme:error:dns: No valid IP addresses found for demo.lab.k5s.xyz”.
Can I using Cert-Manager to issue the SSL certificate? if yes, which validation method is ok? http-01 or DNS?
How can I make it works? thanks!