I am trying to create redirect rule to GC buckets with my own certs. I have such configuration:

kind: Service
apiVersion: v1
metadata:
  name: proxy-to-gcs
spec:
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80
  type: ExternalName
  externalName: storage.googleapis.com
----
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: proxy-to-gcs
  annotations:
    kubernetes.io/tls-acme: "true"
    ingress.kubernetes.io/ssl-redirect: "true"
    ingress.kubernetes.io/rewrite-target: bucket_name/public
    kubernetes.io/ingress.class: nginx
spec:
  tls:
  - hosts:
    - www.example.com
    secretName: secret-name-tls
  rules:
  - host: www.example.com
    http:
      paths:
      - path: /
        backend:
          serviceName: proxy-to-gcs
          servicePort: 80

When I want to see www.example.com/.well-known/acme-challenge/ as kube-lego endpoint, I see google storage bucket 404 page. There is a problem in that rewrite-target, which doesn't consider existence of kube-lego. Any suggestions? Thanks.