Using HTTP01 Challenge with Azure Application Gateway for Containers #6501
Replies: 2 comments
-
So I found this acme.cert-manager.io/http01-edit-in-place: "true" Which almost gets me there, my issue now is that the challenge is happening over http which fails, need it to hit well-known over https, because once tls is enabled on the ingress resourece for App Gateway for Containers it stop accepting traffic on 80. Thinking the above might be the root of the problem. I don't see why AGFC would stop accepting http traffic for paths that define a host. If I remove the host, then it accepts http traffic but the well-known path has the host set. When reading Azure docs about normal app gateway, they clearly say that an ingress path with TLS and a host will be accessible over 80 and 443, but that does not seem to be the case with the current iteration of AGFC. "Now the guestbook application is available on both HTTP and HTTPS." |
Beta Was this translation helpful? Give feedback.
-
TL;DR: Add this annotation on the Hey! I've been fighting with this in the last days and today I found a solution. I assume you configured your cluster issuer with a
This creates a new ingress used only to solve HTTP01 challange and, as you correctly pointed out, the new ingress will have a different FQDN w.r.t. the ingress you have/want as your cluster entrypoint. This happens because when a new ingress is created, azure ALB controller creates a new AGFC frontend for it. You have to tell azure ALB to use the same frontend as for your main ingress, to do this just add the following annotation in the ingressTemplate of your solvers block: |
Beta Was this translation helpful? Give feedback.
-
Hi all,
I am looking for guidance on how to use the HTTP challenge with App Gateway for Containers.
The issue appears to be when the temporary ingress is created for the well-known endpoint.
Maybe I am missing something here, but it seems like doing a custom domain with DNS challenge is the only way I can get cert-manager working with App gateway for Containers.
Beta Was this translation helpful? Give feedback.
All reactions