Can't generate SSL certificate with cert-manager

Traefik Traefik v2 (latest)
,
1

Hello,

I try to use Traefik 2.2 with CRD but i have an issue with generate http01 certificate. When describe challenges.acme.cert-manager.io i am stuck in pending with reason Waiting for http-01 challenge propagation: wrong status code '504', expected '200'.

When i port-forward the solver cm-acme-http-solver-xxx i could access to the well-known but with the url i can't the server never respond.

The certificate :

apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
  name: traefik-cert
spec:
  secretName: traefik-cert
  issuerRef:
    name: letsencrypt-staging
  commonName: traefik.domain.com
  dnsNames:
    - traefik.domain.com

The ingress :

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: traefik-web-ui
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`traefik.domain.com`)
      kind: Rule
      services:
        - name: api@internal
          kind: TraefikService
      middlewares:
        - name: traefik-auth
          namespace: traefik
  tls:
    secretName: traefik-cert

The issuer :

apiVersion: cert-manager.io/v1alpha2
kind: Issuer
metadata:
  name: letsencrypt-staging
spec:
  acme:
    # The ACME server URL
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    # Email address used for ACME registration
    email: contact@domain.com
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-staging
    # Enable HTTP01 validations
    solvers:
    - selector: {}
      http01:
        ingress:
          class: traefik

The deployment of Traefik :

apiVersion: v1
kind: ServiceAccount
metadata:
  namespace: traefik
  name: traefik-ingress-controller
---
kind: Deployment
apiVersion: apps/v1
metadata:
  namespace: traefik
  name: traefik
  labels:
    app: traefik
spec:
  replicas: 1
  selector:
    matchLabels:
      app: traefik
  template:
    metadata:
      labels:
        app: traefik
    spec:
      serviceAccountName: traefik-ingress-controller
      terminationGracePeriodSeconds: 60
      containers:
        - name: traefik
          image: traefik:v2.2
          args:
            - --log.level=INFO
            - --api
            - --api.dashboard
            # Providers
            - --providers.kubernetescrd
            - --providers.kubernetesingress
            # Entry points
            - --entrypoints.web.address=:80
            - --entrypoints.websecure.address=:443
          ports:
            - name: web
              containerPort: 80
            - name: websecure
              containerPort: 443
          resources:
            requests:
              memory: "64Mi"
              cpu: "100m"
            limits:
              memory: "64Mi"
              cpu: "250m"
---
apiVersion: v1
kind: Service
metadata:
  namespace: traefik
  name: traefik
spec:
  type: LoadBalancer
  selector:
    app: traefik
  ports:
    - protocol: TCP
      port: 80
      name: web
      targetPort: 80
    - protocol: TCP
      port: 443
      name: websecure
      targetPort: 443
  externalIPs:
    - x.x.x.x

The logs of traefik :

time="2020-05-06T09:48:30Z" level=error msg="Error configuring TLS: secret traefik/traefik-cert does not exist" namespace=traefik providerName=kubernetescrd ingress=traefik-web-ui
time="2020-05-06T09:48:30Z" level=debug msg="Skipping Kubernetes event kind *v1.Endpoints" providerName=kubernetescrd
time="2020-05-06T09:48:31Z" level=debug msg="Skipping Kubernetes event kind *v1.Endpoints" providerName=kubernetes

For my configuration i have follow that tutorial : https://www.cerenit.fr/tags/cert-manager/
And that : https://docs.traefik.io/user-guides/crd-acme/#ingressroute-definition

Thanks.

2

The is solved, it is just because my nodes not communicate.