SSL Errors Prevent Access to Rancher UI After Cluster Deployment with Hetzner-K3s

I deployed a Kubernetes cluster using the following command, and everything appeared to work without any errors:

hetzner-k3s create --config k3s.yaml | tee create.log

Next, I deployed a load balancer on Hetzner, which shows as healthy, using this command:

helm upgrade --install \
ingress-nginx ingress-nginx/ingress-nginx \
-f ./ingress-nginx-annotations.yaml \
--namespace ingress-nginx \
--create-namespace

This was done with the following configuration file:

ingress-nginx.yaml

controller:
  kind: DaemonSet
  service:
    annotations:
      load-balancer.hetzner.cloud/location: nbg1
      load-balancer.hetzner.cloud/name: ingress-nginx-lb
      load-balancer.hetzner.cloud/use-private-ip: "true"
      load-balancer.hetzner.cloud/uses-proxyprotocol: "true"
      load-balancer.hetzner.cloud/hostname: k8s.larvepoire.app
      load-balancer.hetzner.cloud/http-redirect-https: "false"
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: ingress-nginx-controller
  namespace: ingress-nginx
data:
  use-proxy-protocol: "true"

I then installed cert-manager using the command:

helm upgrade --install \
  cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --create-namespace \
  --version v1.15.3 \
  --set crds.enabled=true

And applied the following configuration:

kubectl apply -f ./lets-encrypt.yaml

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: my-email@gmail.com
    privateKeySecretRef:
      name: letsencrypt-prod
    solvers:
      - http01:
          ingress:
            ingressClassName: nginx

At this point, everything seemed to be working correctly—all pods are running, and both ingress-nginx-controller and admission components seem fine, with an external-ip properly assigned to the controller.

However, I noticed something odd. When I send a GET request to my load balancer using Postman at http://k8s.larvepoire.app/, I receive the following response:

<html>
<head>
    <title>400 Bad Request</title>
</head>
<body>
    <center>
        <h1>400 Bad Request</h1>
    </center>
    <hr>
    <center>nginx</center>
</body>
</html>

Is this expected since no application is currently bound to this address, or am I mistaken?

Finally, the main issue arises when I deploy my test application (Rancher) using hello-world.yaml and ingress-hello-world.yaml. When I attempt to access the application via the web at https://rancherk8s.larvepoire.app, I receive the following error:

This site can’t provide a secure connection rancherk8s.larvepoire.app sent an invalid response. ERR_SSL_PROTOCOL_ERROR

What could be the cause of this issue?

apiVersion: apps/v1
kind: Deployment
metadata:
  name: hello-world
  labels:
    app: hello-world
spec:
  replicas: 1
  selector:
    matchLabels:
      app: hello-world
  template:
    metadata:
      labels:
        app: hello-world
    spec:
      containers:
        - name: hello-world
          image: rancher/hello-world
          ports:
            - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: hello-world
spec:
  selector:
    app: hello-world
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: hello-world
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
    kubernetes.io/ingress.class: nginx
    kubernetes.io/tls-acme: "true"
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - rancherk8s.larvepoire.app
      secretName: rancherk8s.larvepoire.app-tls
  rules:
    - host: rancherk8s.larvepoire.app
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: hello-world
                port:
                  number: 80

vitobotta / hetzner-k3s

SSL Errors Prevent Access to Rancher UI After Cluster Deployment with Hetzner-K3s #433