kubernetes-ingress: cert manager challenge request not working with enabled ssl-redirect

Describe the bug I was add “ssl-redirect: True” option to my config map but cert manager doesn’t work with enabled this option because it try http request which redirects to https by ingress. Also I can’t disable this option from config map and rule if ($scheme = 'http') { return 301 https://$host$request_uri; } always present in my nginx configuration.

Expected behavior Redirect 301 disappear from nginx configuration if I disable ssl-redirect when set option “ssl-redirect: False” or cert manager challenge request works with enabled this option

Your environment

  • Version of the Ingress Controller - helm chart https://helm.nginx.com/stable ingress-nginx 0.15.1
  • Version of Kubernetes - 1.23.7
  • Kubernetes platform (e.g. Mini-kube or GCP) - Custom deploy(3 masters, 3 etc and 6 workers)
  • Using NGINX or NGINX Plus - NGINX

About this issue

  • Original URL
  • State: closed
  • Created a year ago
  • Comments: 18 (5 by maintainers)

Most upvoted comments

Can this ticket be reopened?

I have a similar if not the same issue:

  • using latest versions of the Nginx Controller and cert-manager with up-to-date CRDs
  • a kind: VirtualServer object

I cannot have:

  • spec.tls.cert-manager.cluster-issuer to a value that uses http-01
  • spec.tls.redirect.enable=true.

If both properties are set as described, the .well-known http-01 challenge for http always issues a 301 redirect, and I cannot find anywhere to add an annotation to edit in place since no Ingress object is actually being created. While the snippet workaround functions are a workaround, I would not suspect this is an ideal solution in the long-term.

+2
alanivey on May 8, 2023

@alanivey I’ve opened #4408 on that topic.

+1
svvac on Sep 21, 2023

Hello @shaun-nx Ok, thanks for the help, I’ll change to redirect via snippet.

+1
IvanPletnyov on Jan 25, 2023

Hi @shaun-nx kubectl get all: https://gist.github.com/IvanPletnyov/58964564ba7c4f67e1c762f7899bc20d VS resource one of test servers(real URL was masked): https://gist.github.com/IvanPletnyov/a8f3dc99484323725ec8e79d5f4c7371

I was install Cert Manager v1.10.0 via helm with set installCRDs=true, also I was create ClusterIssuer: https://gist.github.com/IvanPletnyov/f3a598dba46ab32de132eff0dbfb110e

+1
IvanPletnyov on Jan 23, 2023
Read more comments on GitHub
← kubernetes-ingress: 413 Request Entity Too Large
kubernetes-ingress: HTTP to HTTPS not working  →