Kubernetes cert-manager and nginx

4/3/2019

I am attempting to set up jetstack/cert-manager on Kubernetes. This will provide the certificates for multiple of my subdomains. It has worked great until I needed to create an nginx.conf file.

What happens now is that all the requests from cert-manager to http://www.redacted.com/.well-known/challenge/xx are handled by my application pod, rather than the cert-manager pods.

Does anyone know how I can keep an nginx config file, but let all .well-known requests be handled by the cert-manager pods? It seems that if I could choose the order of the ingresses, I could set the priority on my application ingress to last, so that the automatically created cert-manager ingresses get run first.

Many thanks!

-- Patrick Geyer
google-kubernetes-engine
kubernetes
kubernetes-ingress

2 Answers

4/3/2019

Try adding a service for your cert manager pods and then create an ingress resource with hostPath as /.well-known. This will take all your requests on the URL you mentioned to the service you will create for the pods.

-- Aman Juneja
Source: StackOverflow

4/3/2019

So I figured this out and it of course wasn't an issue with cert-manager!

I had my root domain e.g. <redacted>.com automatically redirecting to www.<redacted>.com, but was also trying to generate a certificate at <redacted>.com as well as for the subdomains. Cert-manager failed because it couldn't reach the .well-known/acme-challenge of the root domain as it was being redirected.

The way I plan on solving this is generating the root certificate through DNS not HTTP, and that way the certificate will still be valid for <redacted>.com and I can still forward both http and https connections to the www subdomain.

-- Patrick Geyer
Source: StackOverflow
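
As an added example (not part of the original answer and not cert-manager code), here is a diagnostic for the situation described in the answer above: it requests the HTTP-01 challenge path for a domain without following redirects and reports whether the response points at a different host. The `example.test` names, the probe token and the local stand-in server are constructed for the demonstration; against a real site you would call `probe_challenge_path("your-domain")` directly.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"

def probe_challenge_path(domain, connect_to=None, token="probe-token"):
    """GET the HTTP-01 path for `domain` without following redirects."""
    host, port = connect_to or (domain, 80)
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        # An explicit Host header lets us test a name that does not resolve yet.
        conn.request("GET", CHALLENGE_PREFIX + token, headers={"Host": domain})
        resp = conn.getresponse()
        resp.read()
        status, location = resp.status, resp.getheader("Location")
    finally:
        conn.close()
    target = urlsplit(location).hostname if location else None
    off_host = (status in (301, 302, 303, 307, 308)
                and target not in (None, domain.lower()))
    return {"domain": domain, "status": status, "location": location,
            "redirected_off_host": off_host}

class RedirectingSite(BaseHTTPRequestHandler):
    """Constructed stand-in for a site that 301s the bare domain to www."""
    def do_GET(self):
        host = self.headers.get("Host", "")
        if host.startswith("www."):
            self.send_response(200)  # the www host answers the path itself
        else:
            self.send_response(301)
            self.send_header("Location", f"http://www.{host}{self.path}")
        self.send_header("Content-Length", "0")
        self.end_headers()
    def log_message(self, *args):  # keep the demo quiet
        pass

def demo():
    """Probe a bare domain and its www host against the constructed server."""
    server = HTTPServer(("127.0.0.1", 0), RedirectingSite)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return [probe_challenge_path(d, connect_to=server.server_address)
                for d in ("example.test", "www.example.test")]
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

A domain reported with `redirected_off_host` set is a candidate for the DNS-based validation the answer settles on, or for exempting the challenge path from the redirect.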