TLS Certificates with Kong Ingress Controller without Host

Hi, I’m trying to follow the steps here: https://github.com/Kong/kubernetes-ingress-controller/blob/master/docs/guides/cert-manager.md

Is there a way to do this without having a domain name? If I don’t use TLS certificates, I don’t put any host and I end up just using the kong-proxy URL + a path as a URL.

The main problem faced is that when trying to create it with a random name for the host, the certificate is stuck at temporary and at “OrderCreated”.

When looking into the cert-manager pod, I see the following logs:

I0806 18:36:11.974987 1 ingress.go:91] cert-manager/controller/challenges/http01/selfCheck/http01/ensureIngress “level”=0 “msg”=“found one existing HTTP01 solver ingress” “dnsName”=<host_name> “related_resource_kind”=“Ingress” “related_resource_name”=“cm-acme-http-solver-k4jpd” “related_resource_namespace”=“default” “resource_kind”=“Challenge” “resource_name”= “resource_namespace”=“default” “type”=“http-01”
E0806 18:36:12.465886 1 sync.go:180] cert-manager/controller/challenges “msg”=“propagation check failed” “error”=“wrong status code ‘404’, expected ‘200’” “dnsName”=<host_name> “resource_kind”=“Challenge” “resource_name”= “resource_namespace”=“default” “type”=“http-01”

If anyone is facing the same issue, this is what I used for a DNS domain name:

@Bosterito95 Was your issue resolved? It is unclear from your second post.

To get a TLS certificate, you will need to setup DNS correctly so that Let’s Encrypt can verify the ownership of the domain and then give you a certificate for it.

If you wish to automate DNS creation based on your Ingress definition, try using external-dns:

@hbagdi Yup, was running on Azure and set up a FQDN for the kong-proxy external IP.


© 2018 Kong Inc.    Terms  •  Privacy  •  FAQ