jetstack / kube-lego

DEPRECATED: Automatically request certificates for Kubernetes Ingress resources from Let's Encrypt
Apache License 2.0
2.16k stars 267 forks

Error while processing certificate requests: no domain could be authorized successfully #286

Closed olegade closed 6 years ago

olegade commented 6 years ago

When I try to set up kube-lego, I am unable to pass the acme-challenge selftest. The weird thing (for me anyway) is that the selftest URL is responding with 200 OK and a token, if I call it from a browser.

Has anyone had the same problem, or have an idea on how I can progress on this? From the log of the kube-lego pod, I have this line: authorization failed after 1m0s: reachability test failed: Get http://xx.mydomain.yy/.well-known/acme-challenge/_selftest: dial tcp 40.xx.xx.xx:80: i/o timeout" context=acme domain=xx.mydomain.yy

```
time="2017-11-23T21:01:53Z" level=debug msg="worker: done processing true" context=kubelego
time="2017-11-23T21:01:53Z" level=debug msg="worker: begin processing true" context=kubelego
time="2017-11-23T21:01:53Z" level=info msg="ignoring as has no annotation 'kubernetes.io/tls-acme'" context=ingress name=kube-lego-nginx namespace=kube-system
time="2017-11-23T21:01:53Z" level=debug msg=reset context=provider provider=gce
time="2017-11-23T21:01:53Z" level=debug msg=finalize context=provider provider=gce
time="2017-11-23T21:01:53Z" level=debug msg=reset context=provider provider=nginx
time="2017-11-23T21:01:53Z" level=debug msg=finalize context=provider provider=nginx
time="2017-11-23T21:01:53Z" level=info msg="process certificate requests for ingresses" context=kubelego
time="2017-11-23T21:01:53Z" level=info msg="Attempting to create new secret" context=secret name=tls-kubelego-qa namespace=myNamespace
time="2017-11-23T21:01:53Z" level=info msg="no cert associated with ingress" context="ingress_tls" name=myingress namespace=myNamespace
time="2017-11-23T21:01:53Z" level=info msg="requesting certificate for xx.mydomain.yy" context="ingress_tls" name=myingress namespace=myNamespace
time="2017-11-23T21:01:53Z" level=debug msg="testing reachability of http://xx.mydomain.yy/.well-known/acme-challenge/_selftest" context=acme domain=xx.mydomain.yy
time="2017-11-23T21:02:23Z" level=debug msg="error while authorizing: reachability test failed: Get http://xx.mydomain.yy/.well-known/acme-challenge/_selftest: dial tcp 40.xx.xx.xx:80: i/o timeout" context=acme domain=xx.mydomain.yy
time="2017-11-23T21:02:24Z" level=debug msg="testing reachability of http://xx.mydomain.yy/.well-known/acme-challenge/_selftest" context=acme domain=xx.mydomain.yy
time="2017-11-23T21:02:54Z" level=debug msg="error while authorizing: reachability test failed: Get http://xx.mydomain.yy/.well-known/acme-challenge/_selftest: dial tcp 40.xx.xx.xx:80: i/o timeout" context=acme domain=xx.mydomain.yy
time="2017-11-23T21:02:54Z" level=warning msg="authorization failed after 1m0s: reachability test failed: Get http://xx.mydomain.yy/.well-known/acme-challenge/_selftest: dial tcp 40.xx.xx.xx:80: i/o timeout" context=acme domain=xx.mydomain.yy
time="2017-11-23T21:02:54Z" level=error msg="Error while processing certificate requests: no domain could be authorized successfully" context=kubelego
```

Do I need to set up some kind of loopback to perform the selftest from the kube-lego pod? Or am I missing something else?

Thanks in advance.

olegade commented 6 years ago

Please let me know if I should provide further information about the setup.

olegade commented 6 years ago

Found the issue. Somehow my kube-dns had an old IP address registered. When this was updated, it all worked :)
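The following is an added example, not part of the thread and not kube-lego code: it reads kube-lego log lines like the ones above, pulls out the address each failed selftest actually dialed, and compares it with the address the ingress is expected to answer on, which is how a stale in-cluster DNS record shows up. The function names, the `expected_ips` mapping and the sample domains and IPs are assumptions made for the illustration.

```python
import re
import shlex

# Dial error inside kube-lego's reachability message (IPv4 only in this example).
DIAL_RE = re.compile(r"dial tcp (?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+): (?P<reason>.+)$")

# Constructed sample lines in kube-lego's logfmt style; domains and IPs are made up.
SAMPLE_LOG = [
    'time="2017-11-23T21:01:53Z" level=info msg="ignoring as has no annotation \'kubernetes.io/tls-acme\'" context=ingress name=kube-lego-nginx namespace=kube-system',
    'time="2017-11-23T21:02:23Z" level=debug msg="error while authorizing: reachability test failed: Get http://app.example.test/.well-known/acme-challenge/_selftest: dial tcp 203.0.113.7:80: i/o timeout" context=acme domain=app.example.test',
    'time="2017-11-23T21:02:24Z" level=debug msg="error while authorizing: reachability test failed: Get http://api.example.test/.well-known/acme-challenge/_selftest: dial tcp 203.0.113.9:80: i/o timeout" context=acme domain=api.example.test',
]

def parse_logfmt(line):
    """Split one logfmt line (key=value, values optionally quoted) into a dict."""
    fields = {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields

def selftest_findings(log_lines, expected_ips):
    """Return {domain: finding} for every failed selftest in the log.

    expected_ips maps domain -> the public IP the ingress should answer on
    (supplied by the operator; an assumption of this example).
    """
    findings = {}
    for line in log_lines:
        fields = parse_logfmt(line)
        msg = fields.get("msg", "")
        match = DIAL_RE.search(msg)
        domain = fields.get("domain")
        if "reachability test failed" not in msg or not match or domain is None:
            continue
        expected = expected_ips.get(domain)
        if expected is None:
            verdict = "unknown"      # nothing to compare the dialed address with
        elif match["ip"] != expected:
            verdict = "stale-dns"    # the pod resolved the name to another address
        else:
            verdict = "network"      # right address, but port 80 unreachable from the pod
        findings[domain] = {"dialed": match["ip"], "expected": expected,
                            "reason": match["reason"], "verdict": verdict}
    return findings
```

A `stale-dns` verdict points at the resolver the pod uses, while `network` points at routing or firewalling between the pod and the ingress address.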

s4rd1nh4 commented 6 years ago

Hello Olegade, how do you resolve the issue? Can you post the commands?