How to set up letsencrypt cert issuer for kubernetes on AWS EKS with Terraform
Basically, letsencrypt is not issuing the certificate for you so it's defaulting to the Fake cert. You need to make sure that my.domain.alias.to.cluster.address.io is publicly resolvable, say through a DNS server like 8.8.8.8, and then it needs to resolve to a publicly accessible IP address. You can debug what's happening by looking at the certmanager pod logs.
$ kubectl logs <certmanagerpod>
You can also see the details about the certificates (and you might be able to see why it didn't get issued).
$ kubectl get certificates
$ kubectl describe certificate <certificate-name>
Another aspect is that you could be being rate-limited by https://acme-v02.api.letsencrypt.org/directory which is their prod environment. You could also try: https://acme-staging-v02.api.letsencrypt.org/directory which is their staging environment.
It turned out I was missing host in ingress rule. path is not enough if I want to use certificate.
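A way to check for the condition described in the last answer before applying an ingress, as an added example that is not part of the original posts. It assumes input in the shape of `kubectl get ingress -o json` (networking.k8s.io/v1); the ingress names, hosts and secret names in the sample are constructed placeholders, and the function names are hypothetical.

```python
import json

# Constructed sample in the shape of `kubectl get ingress -o json` output.
# All names and hosts below are placeholders, not values from the thread.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "path-only"},
   "spec": {"tls": [{"hosts": ["app.example.com"], "secretName": "app-tls"}],
            "rules": [{"http": {"paths": [{"path": "/"}]}}]}},
  {"metadata": {"name": "host-and-tls"},
   "spec": {"tls": [{"hosts": ["*.example.com"], "secretName": "wild-tls"}],
            "rules": [{"host": "app.example.com",
                       "http": {"paths": [{"path": "/"}]}}]}},
  {"metadata": {"name": "host-not-in-tls"},
   "spec": {"tls": [{"hosts": ["app.example.com"]}],
            "rules": [{"host": "api.example.com",
                       "http": {"paths": [{"path": "/"}]}}]}}
]}
""")


def covered(host, tls_hosts):
    """True if host equals a TLS host or matches a single-label wildcard."""
    parent = host.partition(".")[2]  # "app.example.com" -> "example.com"
    return any(t == host or t == "*." + parent for t in tls_hosts)


def audit_ingresses(doc):
    """Return (ingress name, finding) pairs for TLS-related misconfigurations."""
    findings = []
    for ing in doc.get("items", [doc]):  # accept a list or a single ingress
        name = ing["metadata"]["name"]
        spec = ing.get("spec", {})
        tls = spec.get("tls", [])
        tls_hosts = [h for entry in tls for h in entry.get("hosts", [])]
        for entry in tls:
            if not entry.get("secretName"):
                findings.append((name, "tls entry has no secretName"))
        for i, rule in enumerate(spec.get("rules", [])):
            host = rule.get("host")
            if not host:  # the case from the answer: path without host
                findings.append((name, f"rule {i} has paths but no host"))
            elif tls and not covered(host, tls_hosts):
                findings.append((name, f"host {host} not listed under tls"))
    return findings


if __name__ == "__main__":
    print(*audit_ingresses(SAMPLE), sep="\n")
```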