I currently have a Kubernetes cluster running on GCP. In this cluster I have a working NGINX Ingress, but now I'm trying add a certificate to this by using cert-manager.
Everything works fine except the ACME challenge.
When I do a kubectl describe challenge
I get the following:
Status:
Presented: true
Processing: true
Reason: Waiting for HTTP-01 challenge propagation: failed to perform self check GET request
When the acme challenge creates a solver service I get the follow error message on GCP:
"All hosts are taken by other resources"
Image of the error I'm getting in google cloud
I have tried to create a Issuer and ClusterIssuer but the same problem keeps popping up.
After trying to solve the issues and browsing the web, I have figured out the solution. It is possible to add the following annotation:
annotations:
acme.cert-manager.io/http01-edit-in-place: "true"
After adding this line to my Ingress resource everything seemed to work perfectly. When this annotation is not passed in, cert-manager will create an extra Ingress for the acme challenge
See: Cert-manager, using an Ingress
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With