jetstack / kube-lego

DEPRECATED: Automatically request certificates for Kubernetes Ingress resources from Let's Encrypt
Apache License 2.0

Issues when starting for the first time #214

Closed deadcyclo closed 7 years ago

deadcyclo commented 7 years ago

I'm using the GCE example from the repo, but only changing domain and other things that need to be changed, like email. And kube-lego behaves very oddly.

The log spews out the following error messages for about 5 minutes:

```
time="2017-06-23T14:22:07Z" level=debug msg="error while authorizing: reachability test failed: wrong status code '502'" context=acme domain=blogg.sut.cloud
time="2017-06-23T14:22:15Z" level=debug msg="testing reachability of http://blogg.sut.cloud/.well-known/acme-challenge/_selftest" context=acme domain=blogg.sut.cloud
```

After 5 minutes, suddenly the certificate gets created. But https still doesn't work. To get https working, I have to destroy the ingress instance, and re-create it. After that, everything works fine, until you destroy the namespace. Once that is done, you get the exact same issue again when trying to redeploy it.

ahmetb commented 7 years ago

Not much you can do here, because Google Cloud Load Balancer route changes take a few minutes to propagate across the globe. In the meantime, kube-lego will check the domain name instead of asking Let's Encrypt to validate it (and then get rate-limited).

munnerz commented 7 years ago

As above, I think this is just an unfortunate implication of using the GCLB controller. Route updates take time to propagate, and in the meantime there's nothing that kube-lego can do to accelerate this. The selftest that you see failing there is actually stopping you from hitting your rate limits on LE.
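
The gate described in the two replies above (probe the challenge path yourself and contact Let's Encrypt only once it answers correctly), as an added Go example. It is not kube-lego's own code: the function names, the comparison of the response body against a known token, and the host and token in `main` are assumptions made for illustration.

```go
package main

import (
	"context"
	"fmt"
	"io"
	"net/http"
	"time"
)

// probe fetches the self-test URL once; nil means status 200 and the expected token.
func probe(ctx context.Context, c *http.Client, url, token string) error {
	req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, nil)
	if err != nil {
		return err
	}
	resp, err := c.Do(req)
	if err != nil {
		return err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return fmt.Errorf("wrong status code '%d'", resp.StatusCode)
	}
	body, err := io.ReadAll(io.LimitReader(resp.Body, 512))
	if err != nil || string(body) != token {
		return fmt.Errorf("unexpected self-test body")
	}
	return nil
}

// waitReachable polls until probe succeeds or ctx expires; request ACME validation only on nil.
func waitReachable(ctx context.Context, c *http.Client, url, token string, every time.Duration) (n int, err error) {
	for n = 1; ; n++ {
		if err = probe(ctx, c, url, token); err == nil {
			return n, nil
		}
		select {
		case <-ctx.Done():
			return n, fmt.Errorf("reachability test failed: %w", err)
		case <-time.After(every):
		}
	}
}

func main() { // constructed host and token, for illustration only
	ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
	defer cancel()
	fmt.Println(waitReachable(ctx, http.DefaultClient, "http://example.com/.well-known/acme-challenge/_selftest", "constructed-token", 5*time.Second))
}
```

A 502 from a load balancer that has not finished propagating only costs another local poll here; no failed validation is recorded against the ACME account.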