https://rancher.com/ logo
Title
a

acoustic-processor-40872

02/13/2023, 9:30 PM
Have any of you had experience getting cert-manager to work on your RKE k8s cluster? I can't seem get passed the self-check part. I ask here because maybe it's RKE config that's preventing the self-check from working?
a

agreeable-oil-87482

02/13/2023, 9:40 PM
What self check?
a

agreeable-oil-87482

02/13/2023, 9:59 PM
I don't see how anything specific with RKE would affect this. What's the error you're getting?
a

acoustic-processor-40872

02/13/2023, 10:06 PM
I read online that maybe it's related to the cluster's networking.
Here's the error when I run
k describe challenge
Reason:      Waiting for HTTP-01 challenge propagation: failed to perform self check GET request <CHALLENGE_URL>.
I can access the challenge url from my browser no problem. But my pods can't seem to find them even though I've added the domain to my cluster's DNS.
I know this might not be an RKE problem but any help pointing me in the right direction would be greatly appreciated. I've been on this for about a week...
a

agreeable-oil-87482

02/13/2023, 10:09 PM
So your pods can't resolve the challenge URL?
a

acoustic-processor-40872

02/13/2023, 10:10 PM
Correct.
a

agreeable-oil-87482

02/13/2023, 10:12 PM
Is that challenge URL external to the cluster?
a

acoustic-processor-40872

02/13/2023, 10:18 PM
That challenge url is reachable from external.
I made an ingress object pointing to one of my web apps using the domain that's in the challenge URL.
I changed the challenge from HTTP01 to DNS01 and it worked no problem with DigitalOcean as the DNS manager.
l

lively-zoo-40381

03/14/2023, 2:07 PM
Hello, How did you change the challenge ? by editing it directly ?
Error from server (NotAcceptable): error when replacing admission webhook "<http://webhook.cert-manager.io|webhook.cert-manager.io>" denied the request: spec: Forbidden: challenge spec is immutable after creation
I guess you added an issuer ? In Helm I don’t see option for setting issuer…
image.png
image.png