
How to setup letsencrypt cert issuer for kubernetes on AWS EKS with Terraform


Basically, letsencrypt is not issuing the certificate for you so it's defaulting to the Fake cert. You need to make sure that my.domain.alias.to.cluster.address.io is publicly resolvable, say through a DNS server like 8.8.8.8 and then it needs to resolve to a publicly accessible IP address. You can debug what's happening by looking at the certmanager pod logs.

$ kubectl logs <certmanagerpod>

You can also see the details about the certificates (and you might be able to see why it didn't get issued).

$ kubectl get certificates
$ kubectl describe certificate <certificate-name>

Another aspect is that you could be being rate-limited by https://acme-v02.api.letsencrypt.org/directory which is their prod environment. You could also try: https://acme-staging-v02.api.letsencrypt.org/directory which is their staging environment.


It turned out I was missing host in ingress rule. path is not enough if I want to use certificate.
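
The two causes named in the posts above (an Ingress rule with a path but no host, and a name that does not resolve to a publicly reachable address) can be checked before waiting on cert-manager. The following is an added example, not code from the original posts; the manifests, the secret name web-tls and the sample addresses are constructed, and the field layout assumed is the standard Kubernetes Ingress spec (spec.rules[].host, spec.tls[].hosts).

```python
import ipaddress
import json

# Constructed sample manifests (not from the original question).
BROKEN = json.loads("""
{"kind": "Ingress",
 "metadata": {"name": "web"},
 "spec": {
   "tls": [{"hosts": ["my.domain.alias.to.cluster.address.io"],
            "secretName": "web-tls"}],
   "rules": [{"http": {"paths": [{"path": "/"}]}}]}}
""")
FIXED = json.loads(json.dumps(BROKEN))  # deep copy of the broken manifest
FIXED["spec"]["rules"][0]["host"] = "my.domain.alias.to.cluster.address.io"


def lint_ingress(ingress):
    """Return findings for rules without a host and TLS hosts with no rule."""
    problems = []
    spec = ingress.get("spec", {})
    rule_hosts = set()
    for i, rule in enumerate(spec.get("rules", [])):
        host = rule.get("host")
        if not host:
            problems.append(f"rules[{i}] has paths but no host")
        else:
            rule_hosts.add(host)
    tls_hosts = {h for t in spec.get("tls", []) for h in t.get("hosts", [])}
    if not tls_hosts:
        problems.append("spec.tls lists no hosts")
    for host in sorted(tls_hosts - rule_hosts):
        problems.append(f"tls host {host} has no matching rule host")
    return problems


def is_publicly_routable(addr):
    """True if addr is a global IP address rather than a private/VPC one."""
    return ipaddress.ip_address(addr).is_global


if __name__ == "__main__":
    for name, manifest in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, lint_ingress(manifest) or "ok")
    # Constructed addresses: a VPC-internal address and a public one.
    for addr in ("10.0.12.34", "8.8.8.8"):
        print(addr, "public" if is_publicly_routable(addr) else "not public")
```

To lint a live object, feed the output of kubectl get ingress <name> -o json to lint_ingress, and pass the address your domain resolves to into is_publicly_routable.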