Hey everyone,
I’m currently running jetstack/cert-manager on a Kubernetes cluster. I have a setup that creates a self-signed certificate on install for the gateway, and I redirect all HTTP traffic to HTTPS. Now, for some installs of the application, I want to switch to Let’s Encrypt certificates. To do so, I’m creating a new resource, and cert-manager creates the ACME order with http-01 validation (can’t use dns-01). But from then on, nothing happens. The order status stays at pending (for http-01 and all others).
I tried the system with HTTP (80) validation and it worked. Also, if I install a valid Let’s Encrypt certificate and then delete it, cert-manager requests a new one, which works too (I’m not sure if there is a shortcut or if this gets validated through a new challenge again?). I’ve tested the redirect with a curl -v -L -k command to follow and accept the certificate, and it returns the key on the challenge path.
From what I could find here, the HTTP -> HTTPS redirect should be allowed (?), but I couldn’t find anything on whether the insecure self-signed certificate would be allowed too.
This is more of a “concept” question rather than needing help fixing an issue, and since I’m currently in development the system would be mostly down again. But if someone can confirm that my use case should actually already work, then I’ll set up an environment where I’d be happy if someone could help me out.
Besides that, I’d be excited to hear tips on how to debug such issues, since I don’t get any errors in the system and the order status does not have any feedback either.
Sorry for the lengthy text!
Thanks for reading & helping out!