K8S cert-manager Letsencrypt certs for loadbalancers services

1/20/2022

I'm facing an issue I have not been able to fix yet. I'm using cert-manager in my K8s cluster to issue certificates. It works well for resources which are exposed through Ingresses, thanks to the annotations. I have 2 resources in my cluster which are exposed through loadbalancers services. I can't figure out how to get the http01 solver to work in that case. Indeed, I create a certificate object stating the domain name. It creates a temp pod, service and ingress to verify the domain. But since the domain I'm creating the cert for is already present in the DNS and pointing to the Loadbalancers FQDN (AWS EKS), Let's Encrypt connects to the loadbalancers and I get a connection refused trying to get the challenge. How can I make cert-manager use the already existing services to solve the http-01 challenge? Thanks in advance.

-- moulip
cert-manager
certificate
kubernetes
service
ssl

0 Answers