https://rancher.com/ logo
#general
Title
# general
a

adamant-kite-43734

02/13/2023, 9:30 PM
This message was deleted.
a

agreeable-oil-87482

02/13/2023, 9:40 PM
What self check?
a

agreeable-oil-87482

02/13/2023, 9:59 PM
I don't see how anything specific with RKE would affect this. What's the error you're getting?
a

acoustic-processor-40872

02/13/2023, 10:06 PM
I read online that maybe it's related to the cluster's networking.
Here's the error when I run
k describe challenge
Copy code
Reason:      Waiting for HTTP-01 challenge propagation: failed to perform self check GET request <CHALLENGE_URL>.
I can access the challenge url from my browser no problem. But my pods can't seem to find them even though I've added the domain to my cluster's DNS.
I know this might not be an RKE problem but any help pointing me in the right direction would be greatly appreciated. I've been on this for about a week...
a

agreeable-oil-87482

02/13/2023, 10:09 PM
So your pods can't resolve the challenge URL?
a

acoustic-processor-40872

02/13/2023, 10:10 PM
Correct.
a

agreeable-oil-87482

02/13/2023, 10:12 PM
Is that challenge URL external to the cluster?
a

acoustic-processor-40872

02/13/2023, 10:18 PM
That challenge url is reachable from external.
I made an ingress object pointing to one of my web apps using the domain that's in the challenge URL.
I changed the challenge from HTTP01 to DNS01 and it worked no problem with DigitalOcean as the DNS manager.
l

lively-zoo-40381

03/14/2023, 2:07 PM
Hello, How did you change the challenge ? by editing it directly ?
Copy code
Error from server (NotAcceptable): error when replacing admission webhook "<http://webhook.cert-manager.io|webhook.cert-manager.io>" denied the request: spec: Forbidden: challenge spec is immutable after creation
I guess you added an issuer ? In Helm I don’t see option for setting issuer…
10 Views