-
Turning the proxy off/on helped (as with most of the things in IT).
-
cert-manager HTTP-01 challenges fail if you use Cloudflare for DNS and make use of their proxy capabilities. When using these, the origin web server IP is hidden and challenges result in a 526 HTTP status code.
If the Cloudflare proxy is disabled, the challenge will succeed, at which point the proxy can be re-enabled, although I imagine it'll fail again when the certificate expires and cert-manager issues a new challenge.
Is there any guidance on how to work around this? I imagine limiting access to the origin web server isn't uncommon.
A write-up on the issue can be found here: https://www.starkandwayne.com/blog/getting-kubernetes-cert-manager-to-work-with-cloudflare-and-lets-encrypt/index.html