Yes sure! If acme servers can't join your routers the HTTP challenge can't be validated.
Maybe it could be nice to add optional support to this in openshift-ansible: - deploy openshift-acme - create a route in front of the kubernetes service with the proper annotation Le jeu. 6 sept. 2018 à 08:27, Daniel Comnea <[email protected]> a écrit : > Very nice Mickael ! > > Just a minor note (although i'm sure you know already) if others bump into > this thread, this method works for public domains but it won't work if your > domain is internal/ dev one (i.e - .local). > > Dani > > On Wed, Sep 5, 2018 at 4:11 PM Mickaël Canévet <[email protected]> > wrote: > >> Thanks a lot Tobias, >> >> That helped a lot, it's working fine. >> Now I have a Let's Encrypt certificate for my web console without using >> an external reverse proxy \o/ >> >> Kind regards, >> Mickaël >> >> Le mer. 5 sept. 2018 à 13:17, Tobias Florek <[email protected]> a >> écrit : >> >>> Hi! >>> >>> It is certainly possible. >>> >>> You already have a "kubernetes" service in the default namespace. You >>> only need to expose that service's https port with Reencrypt TLS-Policy >>> and set the kubernetes.io/tls-acme=true annotation. >>> >>> Your unsuccessful try was missing the reencrypt tls policy. >>> >>> Cheers, >>> Tobias Florek >>> _______________________________________________ >>> users mailing list >>> [email protected] >>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users >>> >> >> >> -- >> « Any society that would give up a little liberty to gain a little >> security will deserve neither and lose both. » >> (Benjamin Franklin) >> _______________________________________________ >> users mailing list >> [email protected] >> http://lists.openshift.redhat.com/openshiftmm/listinfo/users >> > -- « Any society that would give up a little liberty to gain a little security will deserve neither and lose both. » (Benjamin Franklin)
_______________________________________________ users mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/users
