cert-manager challenge stuck in waiting `Waiting for http-01 challenge propagation: failed to perform self check GET request`

4/30/2020

I have a challenge that is failing with:

`Waiting for http-01 challenge propagation: failed to perform self check GET request`

How can I resolve this, or at least diagnose it further?

Deleting the challenge results in a new challenge being created with the same error. Surprisingly, the URL responds with a correct HTTP 200 and token (http://testabcxyz.ddns.net/.well-known/acme-challenge/8_F7kwZBcjgXPV2pq8GlxHrIcO_WJoNBtyf1hEr4lhk).

What is responsible for initiating the self check?

```
kubectl describe challenges --all-namespaces
Name:         testabcxyzingress-cert-1968456099-91847910-2604628612
Namespace:    local-testing
Labels:       <none>
Annotations:  <none>
API Version:  acme.cert-manager.io/v1alpha3
Kind:         Challenge
Metadata:
  Creation Timestamp:  2020-04-30T15:13:37Z
  Finalizers:
    finalizer.acme.cert-manager.io
  Generation:  1
  Owner References:
    API Version:           acme.cert-manager.io/v1alpha2
    Block Owner Deletion:  true
    Controller:            true
    Kind:                  Order
    Name:                  testabcxyzingress-cert-1968456099-91847910
    UID:                   93838384-6f45-42d9-a32f-3b051fad55c4
  Resource Version:        1089800
  Self Link:               /apis/acme.cert-manager.io/v1alpha3/namespaces/local-testing/challenges/testabcxyzingress-cert-1968456099-91847910-2604628612
  UID:                     ac318c10-85ce-4a20-b178-a307fd20a039
Spec:
  Authz URL:  https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/52738879
  Dns Name:   testabcxyz.ddns.net
  Issuer Ref:
    Group:  cert-manager.io
    Kind:   ClusterIssuer
    Name:   letsencrypt-staging
  Key:      zzzzzzzzzzzzzzzzzzzzzzzzzzzzz
  Solver:
    http01:
      Ingress:
        Class:  nginx
  Token:        zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
  Type:         http-01
  URL:          https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/52738879/kysudg
  Wildcard:     false
Status:
  Presented:   true
  Processing:  true
  Reason:      Waiting for http-01 challenge propagation: failed to perform self check GET request 'http://testabcxyz.ddns.net/.well-known/acme-challenge/8_F7kwZBcjgXPV2pq8GlxHrIcO_WJoNBtyf1hEr4lhk': Get "http://testabcxyz.ddns.net/.well-known/acme-challenge/8_F7kwZBcjgXPV2pq8GlxHrIcO_WJoNBtyf1hEr4lhk": dial tcp 174.138.100.234:80: connect: connection timed out
  State:       pending
Events:        <none>
```
-- Chris Stryczynski
cert-manager
kubernetes

1 Answer

5/7/2020

This eventually resolved; I can't remember what I did, though. I think there was an additional error message when doing a `kubectl describe orders`.

-- Chris Stryczynski
Source: StackOverflow