challenge certificate behind nginx reverse proxy .well-known path

Time:10-28

Help with ACME HTTP01 Let's Encrypt challenge please.

I'm trying to get a certificate for a domain behind a proxy.

My config:

upstream kube-ingress-https {
    # The least number of active connections
    least_conn;
    server 172.22.16.3:443 max_fails=1 fail_timeout=300;
}

server {
    listen 443;

    proxy_protocol on;
    proxy_pass kube-ingress-https;
}

My scheme: WORLD ====> NGINX (reverse proxy) ==============> K8S ingress (cert-manager)

cert-manager shows: Waiting for HTTP-01 challenge propagation: wrong status code '502', expected '200'

curl -I -k https://k8s-dash.domain.kz/.well-known/acme-challenge/pXy1kENDkrXpGNKLeyCc8huIfgUILzjErxiYhj80mxI
HTTP/2 502
date: Fri, 21 Oct 2022 06:55:51 GMT
content-type: text/html
content-length: 150
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
access-control-allow-credentials: true


curl -I -k https://k8s-dash.mydomain.kz
HTTP/2 200
date: Fri, 21 Oct 2022 06:55:58 GMT
content-type: text/html; charset=utf-8
content-length: 1338
accept-ranges: bytes
cache-control: no-cache, no-store, must-revalidate
last-modified: Fri, 15 Oct 2021 07:41:12 GMT
strict-transport-security: max-age=15724800; includeSubDomains
access-control-allow-origin: *
access-control-allow-credentials: true

CodePudding user response:

I've found a solution:

I've deleted the ingress annotation: acme.cert-manager.io/http01-edit-in-place: "true"
