Channels
extensions
rancher-extensions
supermicro-sixsq
ozt
os
one-point-x
rio
onlinemeetup
v16-v21-migration
events
onlinetraining
training-1220
training-0110
training-0124
k3s-contributor
submariner
storage
k3os
windows
ci-cd
theranchcast
rfed_ara
nederlands
ukranian
danish
training-0131
masterclass
training-0207
training-0214
terraform-controller
epinio
phillydotnet
swarm
rancher-wrangler
deutsch
russian
chinese
mesos
français
japanese
arm
longhorn-dev
terraform-provider-rke
service-mesh
azure
gcp
academy
random
elemental
espanol
lima
harvester-dev
portugues
kubernetes
kim
hypper
kubewarden
opni
logging
neuvector-security
rancher-setup
developer
office-hours
mexico
cabpr
rke
vsphere
longhorn-storage
k3s
k3d
terraform-provider-rancher2
fleet
amazon
harvester
rke2
s3gw
hobbyfarm
rancher-desktop
general
Title
a
acoustic-processor-40872
02/13/2023, 9:30 PMHave any of you had experience getting cert-manager to work on your RKE k8s cluster? I can't seem get passed the self-check part. I ask here because maybe it's RKE config that's preventing the self-check from working?
a
agreeable-oil-87482
02/13/2023, 9:40 PMWhat self check?
a
acoustic-processor-40872
02/13/2023, 9:57 PMa
agreeable-oil-87482
02/13/2023, 9:59 PMI don't see how anything specific with RKE would affect this. What's the error you're getting?
a
acoustic-processor-40872
02/13/2023, 10:06 PMI read online that maybe it's related to the cluster's networking.
Here's the error when I run
k describe challengeReason: Waiting for HTTP-01 challenge propagation: failed to perform self check GET request <CHALLENGE_URL>.I can access the challenge url from my browser no problem. But my pods can't seem to find them even though I've added the domain to my cluster's DNS.
I know this might not be an RKE problem but any help pointing me in the right direction would be greatly appreciated. I've been on this for about a week...
a
agreeable-oil-87482
02/13/2023, 10:09 PMSo your pods can't resolve the challenge URL?
a
acoustic-processor-40872
02/13/2023, 10:10 PMCorrect.
a
agreeable-oil-87482
02/13/2023, 10:12 PMIs that challenge URL external to the cluster?
a
acoustic-processor-40872
02/13/2023, 10:18 PMThat challenge url is reachable from external.
I made an ingress object pointing to one of my web apps using the domain that's in the challenge URL.
I changed the challenge from HTTP01 to DNS01 and it worked no problem with DigitalOcean as the DNS manager.
l
lively-zoo-40381
03/14/2023, 2:07 PMHello,
How did you change the challenge ? by editing it directly ?
Error from server (NotAcceptable): error when replacing admission webhook "<http://webhook.cert-manager.io|webhook.cert-manager.io>" denied the request: spec: Forbidden: challenge spec is immutable after creationI guess you added an issuer ?
In Helm I don’t see option for setting issuer…
image.png
image.png