Unable to create certificate for Kubernetes web-app. cert-manager/challenges: propagation check failed" err="wrong status code '503', expected '200'"

Hello! I am working on deploying my app in k8s cluster. So, I decided to enable https connection to my application. I've created DNS name on the web-site Noip and connected it with the IP of my k8s cluster.
After that, I deployed cert-manager, ClusterIssuer, Certificate and then Ingress.

So, after applying a certificate i have the issue. Here are some logs of the pod of certificate-manager:

I0629 13:50:39.836830       1 service.go:45] "cert-manager/challenges/http01/selfCheck/http01/ensureService: found one existing HTTP01 solver Service for challenge resource" resource_name="cert-pd292-3618130802-4138407347" resource_namespace="default" resource_kind="Challenge" resource_version="v1" dnsName="nodeart.bounceme.net" type=HTTP-01 related_resource_name="cm-acme-http-solver-k2vs5" related_resource_namespace="default" related_resource_kind="" related_resource_version=""
I0629 13:50:39.836965       1 ingress.go:99] "cert-manager/challenges/http01/selfCheck/http01/ensureIngress: found one existing HTTP01 solver ingress" resource_name="cert-pd292-3618130802-4138407347" resource_namespace="default" resource_kind="Challenge" resource_version="v1" dnsName="nodeart.bounceme.net" type=HTTP-01 related_resource_name="cm-acme-http-solver-56pdn" related_resource_namespace="default" related_resource_kind="Ingress" related_resource_version="v1"
E0629 13:50:39.840308       1 sync.go:190] "cert-manager/challenges: propagation check failed" err="wrong status code '503', expected '200'" resource_name="cert-pd292-3618130802-4138407347" resource_namespace="default" resource_kind="Challenge" resource_version="v1" dnsName="nodeart.bounceme.net" type=HTTP-01

Can you help me with this, please?

Hello @Artyom2, welcome to the Let's Encrypt community.

Using the online tool Let's Debug yields these results https://letsdebug.net/nodeart.bounceme.net/1533951

ReservedAddress
Fatal
A private, inaccessible, IANA/IETF-reserved IP address was found for nodeart.bounceme.net. Let's Encrypt will always fail HTTP validation for any domain that is pointing to an address that is not routable on the internet. You should either remove this address and replace it with a public one or use the DNS validation method instead.
192.168.59.100 

The IPv4 address 192.168.59.100 is part of IPv4 Private Address Space and Filtering and cannot but used for the HTTP-01 challenge of the Challenge Types - Let's Encrypt

• IPv4 Private Address Space and Filtering - American Registry for Internet Numbers.
• Private network - Wikipedia

it's the ip of my k8s cluster...
but how can i reach the website?

Sorry but I do not know about k8s clusters
Kindly wait to see if there are more knowledgeable Let's Encrypt community volunteers willing to assist.

maybe you know the information about getting a certificate for your local dns?

Maybe this is of help Certificates for localhost - Let's Encrypt

There are al whole bunch of references answering your concern. READ ON!

Either:

• switch to a public IP [might not be possible]
• switch to DNS authentication
  [automation requires using a DSP, and ACME client, that support DNS zone updates via API]

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.