K8S + Nginx Ingress Controller + Private datacenter Configuration is not working

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: lab.k5s.xyz

ENV:
I have setup a K8S cluster in private data center, and installed Nginx Ingress Controller with host network and Cert-Manger.
I have a public domain lab.k5s.xyz, due to there is no public in data center, so I add a A record in DNS *.lab.k5s.xyz point to the private IP of the node which Nginx Ingress Controller pod running.

I have tried to use http-0, but i got the error “Accepting challenge authorization failed: acme: authorization error for demo.lab.k5s.xyz: 400 urn:ietf:params:acme:error:dns: No valid IP addresses found for demo.lab.k5s.xyz”.

Question:
Can I using Cert-Manager to issue the SSL certificate? if yes, which validation method is ok? http-01 or DNS?

How can I make it works? thanks!

Br, Wayne

Hi @wwyhy

if you want to use http validation, a correct A-record yourDomain -> yourIP is required.

But there - https://check-your-website.server-daten.de/?q=lab.k5s.xyz - is no public ip address.

Host Type IP-Address is auth. ∑ Queries ∑ Timeout
lab.k5s.xyz A yes 1 0
AAAA yes
www.lab.k5s.xyz A 10.71.21.163 No Hostname found yes 1 0
AAAA yes
*.k5s.xyz A Name Error yes
AAAA Name Error yes
CNAME Name Error yes
*.lab.k5s.xyz A 10.71.21.163 yes

10.71.21.163 is a private ip address. So that can’t work, Letsencrypt can’t connect your server.

If you don’t have a public ip address, you must use dns validation.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.