Unable to make it work

Traefik Traefik v3 (latest)
1

Hello, I've been so long trying to make HTTPS automatic certificates to work but I'm unable to. I've been for hours trying to make it work and I'm desperate.

Versions

kubernetes: Server Version: v1.30.5+k3s1
traefik: v3.1.4

Deployment files

traefik-values.yml

additionalArguments:
  - --certificatesresolvers.generic.acme.email=personal@email.com
  - --certificatesresolvers.generic.acme.caServer=https://acme-v02.api.letsencrypt.org/directory
  - --certificatesresolvers.generic.acme.httpChallenge.entryPoint=web
  - --certificatesresolvers.generic.acme.storage=/ssl-certs/acme-generic.json

logs:
  general:
    level: ERROR

ports:

  web:
    redirectTo:
      port: websecure
  websecure:
    tls:
      enabled: true

  
# Disable Dashboard
ingressRoute:
  dashboard:
    enabled: false

# Persistent Storage
persistence:
  enabled: true
  name: ssl-certs
  size: 1Gi
  path: /ssl-certs


# Set Traefik as your default Ingress Controller, according to Kubernetes 1.19+ changes.
ingressClass:
  enabled: true
  isDefaultClass: true

Testing deploment (testing if works)

apiVersion: v1
kind: Namespace
metadata:
  name: test

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-config
  namespace: test
data:
  index.html: |
    <!DOCTYPE html>
    <html>
    <head>
        <title>Custom Nginx Page</title>
    </head>
    <body>
        <h1>Testing Service 1</h1>
    </body>
    </html>

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  namespace: test
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:latest
        ports:
        - containerPort: 80
        volumeMounts:
        - name: nginx-html
          mountPath: /usr/share/nginx/html
      volumes:
      - name: nginx-html
        configMap:
          name: nginx-config

---
apiVersion: v1
kind: Service
metadata:
  name: nginx-service
  namespace: test
spec:
  selector:
    app: nginx
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
  type: ClusterIP

---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-ingress
  namespace: test
  annotations:
    spec.ingressClassName: "traefik"
spec:
  rules:
  - host: "test.mydomain.com"  
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: nginx-service
            port:
              number: 80

My run script

helm repo add traefik https://traefik.github.io/charts && \

helm repo update && \

helm install traefik traefik/traefik -f traefik-values.yml --namespace traefik --create-namespace

ERROR

The error that i'm getting in the traefik pod is

ERR github.com/traefik/traefik/v3/pkg/provider/acme/provider.go:396 > Unable to obtain ACME certificate for domains error="unable to generate a certificate for the domains [test.mydomain.com]: error: one or more domains had a problem:\n[test.mydomain.com] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: XX.XX.XX.XX: Invalid response from http://test.jmydomain.com/.well-known/acme-challenge/QQhBVjMSfeYu3f5DzOsT7hPmkeZN6vYfVQ-RL6I8kLE: 404\n"

If I access to test.mydomain.com in the browser it correctly renders, but whenever I try to access the same url as the probe is doing, I get 404 nginx screen like traefik is not intercepting the request to return the probe. I've been unable to make it work after thousands of changes. What I'm doing wrong. Please any more data that you need let me know.

2

Usually cert-manager is used with Traefik and k8s (doc).

When using httpChallenge, make sure your site is available on port 80 externally.