Open displague opened 3 years ago
https://github.com/equinix/terraform-metal-openshift-on-baremetal/blob/main/NEXTSTEPS.md#lets-encrypt-wildcard-certificates should be updated with the current script paths and should be automated.
https://github.com/vancluever/terraform-provider-acme (perhaps?) https://registry.terraform.io/modules/nephosolutions/certificate/acme/latest (related module)
The generated certificate for external access to the cluster is not trusted.
This may be due to a failure reported by provisioners:
These provisioner errors do not reappear on subsequent provisions, but the certificate is invalid (bad issuer?):
I think this may be related to
assets/letsencrypt/1_configure_ingresscerts.sh
not being called (and requiring Cloudflare credentials). The older CSR records may be a problem too. To keep this simple, we may need to enable Let's Encrypt (by default) using an HTTP prover instead of DNS.
Originally posted by @displague in https://github.com/equinix/terraform-metal-openshift-on-baremetal/pull/2#issuecomment-786281757
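The following is an added example of what the automation suggested above could look like with the vancluever/acme provider; it is editorial illustration, not code from the terraform-metal-openshift-on-baremetal repository or from the linked module. Two caveats matter for the proposal in the issue: Let's Encrypt only issues wildcard names (`*.apps.<cluster>`) through the DNS-01 challenge, so an HTTP-01 solver can cover `api.<cluster>` but not the wildcard ingress name; and the "bad issuer" symptom described above is what a client sees when the ingress serves the leaf certificate without the Let's Encrypt intermediate, so the secret below deliberately concatenates `certificate_pem` with `issuer_pem`. The variable names `cluster_base_domain`, `cloudflare_api_token` and `acme_email`, and the secret name `letsencrypt-wildcard`, are assumptions made for this example.

```hcl
# Added example, not part of the terraform-metal-openshift-on-baremetal project.
# Assumed inputs (not defined by the project): var.cluster_base_domain,
# var.cloudflare_api_token, var.acme_email.

terraform {
  required_providers {
    acme       = { source = "vancluever/acme", version = "~> 2.0" }
    tls        = { source = "hashicorp/tls" }
    kubernetes = { source = "hashicorp/kubernetes" }
  }
}

# Start against the staging directory to avoid burning production rate limits
# while the automation is being debugged; switch to
# https://acme-v02.api.letsencrypt.org/directory once the chain verifies.
provider "acme" {
  server_url = "https://acme-staging-v02.api.letsencrypt.org/directory"
}

# ACME account key. This is a long-lived credential: keep the state backend
# encrypted and access-controlled, because private_key_pem is stored in it.
resource "tls_private_key" "account" {
  algorithm = "RSA"
  rsa_bits  = 4096
}

resource "acme_registration" "account" {
  account_key_pem = tls_private_key.account.private_key_pem
  email_address   = var.acme_email
}

# Wildcard for the OpenShift apps domain. Wildcards require DNS-01; an HTTP-01
# challenge (http_challenge block) cannot issue "*.apps..." names.
resource "acme_certificate" "wildcard" {
  account_key_pem           = acme_registration.account.account_key_pem
  common_name               = "apps.${var.cluster_base_domain}"
  subject_alternative_names = ["*.apps.${var.cluster_base_domain}"]

  dns_challenge {
    provider = "cloudflare"
    config = {
      # Scope this token to DNS edit on the one zone; it is all the ACME
      # client needs and limits blast radius if the state file leaks.
      CLOUDFLARE_DNS_API_TOKEN = var.cloudflare_api_token
    }
  }
}

# TLS secret consumed by the default IngressController. Serving only
# certificate_pem is what produces an "untrusted / bad issuer" error on
# clients; the intermediate (issuer_pem) must be in the chain.
resource "kubernetes_secret" "ingress_wildcard" {
  metadata {
    name      = "letsencrypt-wildcard"
    namespace = "openshift-ingress"
  }
  type = "kubernetes.io/tls"
  data = {
    "tls.crt" = "${acme_certificate.wildcard.certificate_pem}${acme_certificate.wildcard.issuer_pem}"
    "tls.key" = acme_certificate.wildcard.private_key_pem
  }
}
```

Pointing the router at the secret is a separate step that the project's `1_configure_ingresscerts.sh` presumably performs; done by hand it is `oc -n openshift-ingress-operator patch ingresscontroller default --type=merge -p '{"spec":{"defaultCertificate":{"name":"letsencrypt-wildcard"}}}'`. After the rollout, `openssl s_client -connect console-openshift-console.apps.<cluster>:443 -servername console-openshift-console.apps.<cluster> </dev/null | openssl x509 -noout -issuer` should show a Let's Encrypt issuer rather than the cluster's self-signed ingress CA, and `s_client` should report a complete chain (verify return code 0) only if `issuer_pem` was included.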