Waiting for HTTP-01 challenge propagation: wrong status code '503', expected '200'

My domain is: api.johnny-luu.com

Hi guys, I'm using K8s with Nginx Ingress and Cert Manager, and it's having the error above with the challenge:

Waiting for HTTP-01 challenge propagation: wrong status code '503', expected '200'

I've used letsdebug.net to check my domain, but it says OK. Therefore I don't know what is causing the error.

This is my setup for Issuer:

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt
  namespace: cert-manager
spec:
  acme:
    email: johnnyluu.dev@gmail.com
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: letsencrypt-account-private-key
    solvers:
      - http01:
          ingress:
            ingressClassName: nginx

And my Ingress file:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: simple-bank-ingress
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
spec:
  ingressClassName: nginx
  rules:
    - host: 'api.johnny-luu.com'
      http:
        paths:
          - pathType: Prefix
            path: '/'
            backend:
              service:
                name: simple-bank-api-service
                port:
                  number: 80
  tls:
    - hosts:
        - api.johnny-luu.com
      secretName: simple-bank-api-cert

Thank you guys so much

Additional:

  • Cert manager version is v1.17.2
  • Ingress nginx controller version is v1.12.1

That's your cert manager waiting for the challenge file update to apply to every node. It didn't ask any public server for validation yet.

2 Likes

@orangepizza thanks for your reply,
so what is the root cause behind it (my setup or the letsencrypt server)? And what should I do to make it work?

Why does your server throw a 503 error when it tests the challenge path?
No evidence, but it feels like a permission thing where nodes can't read that file.

2 Likes

I've just been able to solve the issue and successfully signed the certificate. I did the following process:

  1. I was using 2 replicas for the backend service -> reduced to 1
  2. update the ingress.yaml file to:
# add this
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
  name: nginx
spec:
  controller: k8s.io/ingress-nginx
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: simple-bank-ingress
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true" # add this
spec:
  ingressClassName: nginx
  rules:
    - host: 'api.johnny-luu.com'
      http:
        paths:
          - pathType: Prefix
            path: '/'
            backend:
              service:
                name: simple-bank-api-service
                port:
                  number: 80
  tls:
    - hosts:
        - api.johnny-luu.com
      secretName: simple-bank-api-cert
  3. restart new certificate
kubectl delete certificate simple-bank-api-cert
kubectl delete order -A
kubectl delete challenge -A

Finally, I'm not sure which is actually the root cause either.
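
An added example, not from any post in this thread and not cert-manager's own code: a small Python reproduction of the kind of pre-flight GET the error message describes, run against a constructed local stub that answers 503 until its challenge route is ready. The names `self_check`, `StubIngress`, `PREFIX`, `TOKEN` and `KEY` and the sample token and key values are assumptions made for the illustration.

```python
import http.client
import http.server
import threading

PREFIX = "/.well-known/acme-challenge/"
TOKEN, KEY = "sample-token", "sample-token.sample-thumbprint"  # constructed values

def self_check(host, port, token, expected_key, timeout=5.0):
    """GET the HTTP-01 challenge path once over plain HTTP; return (ok, reason)."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", PREFIX + token)
        resp = conn.getresponse()
        status, body = resp.status, resp.read(4096).decode("utf-8", "replace").strip()
    except (OSError, http.client.HTTPException) as exc:
        return False, f"connection failed: {exc}"
    finally:
        conn.close()
    if status != 200:  # the condition behind the error quoted in this thread
        return False, f"wrong status code '{status}', expected '200'"
    if body != expected_key:  # a 200 served by some other backend still fails
        return False, "status 200 but body is not the expected key"
    return True, "challenge reachable"

class StubIngress(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in for an ingress: 503 until the solver route is ready."""
    ready = False

    def do_GET(self):
        hit = self.ready and self.path == PREFIX + TOKEN
        payload = KEY.encode() if hit else b"Service Temporarily Unavailable"
        self.send_response(200 if hit else 503)
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)
    def log_message(self, *args):  # silence per-request logging
        pass

def demo():
    with http.server.HTTPServer(("127.0.0.1", 0), StubIngress) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        before = self_check("127.0.0.1", server.server_port, TOKEN, KEY)
        StubIngress.ready = True  # the solver route starts answering
        after = self_check("127.0.0.1", server.server_port, TOKEN, KEY)
        mismatch = self_check("127.0.0.1", server.server_port, TOKEN, "other-key")
        server.shutdown()
    return before, after, mismatch

if __name__ == "__main__":
    print(demo())
```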