Open
Description
I have AWS EKS behind an AWS Load Balancer.
Let's Encrypt doesn't work at all with AWS NLB, and by using AWS Classic Load Balancer I am able to register ONLY one host; after that, for every other host I am getting the error ACME 403 Unauthenticated.
I am also getting this same error when I use AWS NLB.
Error:

```
obtaining tlsSecret "test1.mydomain.com"."ambassador"
(hostnames=["test1.mydomain.com"]): acme: Error -> One or more domains had
a problem:
[test1.mydomain.com] acme: error: 403 ::
urn:ietf:params:acme:error:unauthorized :: Invalid response from
http://test1.mydomain.com/.well-known/acme-challenge/NM0XccervQ1Ldjm-50dsdf2F5qrZ2fdfsXqjyiuvium0V-tI
authority: https://acme-v02.api.letsencrypt.org/directory
```

The single validated host (test.mydomain.com), with AWS Classic Load Balancer, is reachable and doesn't have any other issue
Setup:

```yaml
apiVersion: getambassador.io/v3alpha1
kind: Host
metadata:
  name: test
  namespace: ambassador
spec:
  hostname: "test.mydomain.com"
  acmeProvider:
    email: [email protected]
    authority: https://acme-v02.api.letsencrypt.org/directory
  requestPolicy:
    insecure:
      action: Redirect
      additionalPort: 8080
---
apiVersion: getambassador.io/v3alpha1
kind: Mapping
metadata:
  name: test
  namespace: ambassador
spec:
  host: "test.mydomain.com"
  prefix: "/"
  service: "nginx.default:80"
---
apiVersion: getambassador.io/v3alpha1
kind: Host
metadata:
  name: test1
  namespace: ambassador
spec:
  hostname: "test1.mydomain.com"
  acmeProvider:
    email: [email protected]
    authority: https://acme-v02.api.letsencrypt.org/directory
  requestPolicy:
    insecure:
      action: Redirect
      additionalPort: 8080
---
apiVersion: getambassador.io/v3alpha1
kind: Mapping
metadata:
  name: test1
  namespace: ambassador
spec:
  host: "test1.mydomain.com"
  prefix: "/"
  service: "nginx1.default:80"
```

EKS 1.21 (newly created - Edge Stack is the first resource)
Edge-stack 2.0.5