Hello, I've been so long trying to make HTTPS automatic certificates to work but I'm unable to. I've been for hours trying to make it work and I'm desperate.
Versions
kubernetes: Server Version: v1.30.5+k3s1
traefik: v3.1.4
Deployment files
traefik-values.yml
additionalArguments:
- --certificatesresolvers.generic.acme.email=personal@email.com
- --certificatesresolvers.generic.acme.caServer=https://acme-v02.api.letsencrypt.org/directory
- --certificatesresolvers.generic.acme.httpChallenge.entryPoint=web
- --certificatesresolvers.generic.acme.storage=/ssl-certs/acme-generic.json
logs:
general:
level: ERROR
ports:
web:
redirectTo:
port: websecure
websecure:
tls:
enabled: true
# Disable Dashboard
ingressRoute:
dashboard:
enabled: false
# Persistent Storage
persistence:
enabled: true
name: ssl-certs
size: 1Gi
path: /ssl-certs
# Set Traefik as your default Ingress Controller, according to Kubernetes 1.19+ changes.
ingressClass:
enabled: true
isDefaultClass: true
Testing deploment (testing if works)
apiVersion: v1
kind: Namespace
metadata:
name: test
---
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-config
namespace: test
data:
index.html: |
<!DOCTYPE html>
<html>
<head>
<title>Custom Nginx Page</title>
</head>
<body>
<h1>Testing Service 1</h1>
</body>
</html>
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment
namespace: test
spec:
replicas: 1
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:latest
ports:
- containerPort: 80
volumeMounts:
- name: nginx-html
mountPath: /usr/share/nginx/html
volumes:
- name: nginx-html
configMap:
name: nginx-config
---
apiVersion: v1
kind: Service
metadata:
name: nginx-service
namespace: test
spec:
selector:
app: nginx
ports:
- protocol: TCP
port: 80
targetPort: 80
type: ClusterIP
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nginx-ingress
namespace: test
annotations:
spec.ingressClassName: "traefik"
spec:
rules:
- host: "test.mydomain.com"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: nginx-service
port:
number: 80
My run script
helm repo add traefik https://traefik.github.io/charts && \
helm repo update && \
helm install traefik traefik/traefik -f traefik-values.yml --namespace traefik --create-namespace
ERROR
The error that i'm getting in the traefik pod is
ERR github.com/traefik/traefik/v3/pkg/provider/acme/provider.go:396 > Unable to obtain ACME certificate for domains error="unable to generate a certificate for the domains [test.mydomain.com]: error: one or more domains had a problem:\n[test.mydomain.com] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: XX.XX.XX.XX: Invalid response from http://test.jmydomain.com/.well-known/acme-challenge/QQhBVjMSfeYu3f5DzOsT7hPmkeZN6vYfVQ-RL6I8kLE: 404\n"
If I access to test.mydomain.com in the browser it correctly renders, but whenever I try to access the same url as the probe is doing, I get 404 nginx screen like traefik is not intercepting the request to return the probe. I've been unable to make it work after thousands of changes. What I'm doing wrong. Please any more data that you need let me know.