Warning: file_get_contents(/data/phpspider/zhask/data//catemap/7/kubernetes/5.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
我的域的HTTPS加密未处于活动状态。我的订单证书未完成_Https_Kubernetes_Lets Encrypt_Azure Aks_Cert Manager - Fatal编程技术网

我的域的HTTPS加密未处于活动状态。我的订单证书未完成

我的域的HTTPS加密未处于活动状态。我的订单证书未完成,https,kubernetes,lets-encrypt,azure-aks,cert-manager,Https,Kubernetes,Lets Encrypt,Azure Aks,Cert Manager,我正在kubernetes集群中使用cert manager,以便将let'sencrypt CA签署的证书发送到集群中的服务应用程序 我正在按所示顺序执行以下步骤。我想提供尽可能多的流程细节,以便了解呈现的行为 单独安装CustomResourceDefinition资源 标记证书管理器命名空间以禁用资源验证 安装cert manager掌舵图 我已经确认了这些步骤,以避免可能出现的问题,所有步骤都可以 创造我的入口 我正在使用管理入口过程 我第一次以这种方式创建入口: 而我的入

我正在kubernetes集群中使用cert manager,以便将let'sencrypt CA签署的证书发送到集群中的服务应用程序

我正在按所示顺序执行以下步骤。我想提供尽可能多的流程细节,以便了解呈现的行为

单独安装CustomResourceDefinition资源 标记证书管理器命名空间以禁用资源验证 安装cert manager掌舵图
  • 我已经确认了这些步骤,以避免可能出现的问题,所有步骤都可以
创造我的入口
  • 我正在使用管理入口过程
  • 我第一次以这种方式创建入口:
  • 而我的入口是采取香港入口控制器
  • 应用它
  • 此群集服务器已在ACME letsencrypt服务器上注册
  • 应用它
此过程更新入口,创建一个名为
cm-acme-http-solver-jr4fg的入口

⟩ kubectl get ingress 
NAME                        HOSTS                                ADDRESS         PORTS     AGE
cm-acme-http-solver-jr4fg   test1kongletsencrypt.possibilit.nl                   80        33s
kong-ingress-zcrm365        test1kongletsencrypt.possibilit.nl   52.166.60.158   80, 443   56m
[I] 
cm-acme-http-solver-jr4fg
ingres的详细信息如下:

⟩ kubectl get ingress cm-acme-http-solver-jr4fg -o yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/whitelist-source-range: 0.0.0.0/0
  creationTimestamp: "2019-03-15T12:10:57Z"
  generateName: cm-acme-http-solver-
  generation: 1
  labels:
    certmanager.k8s.io/acme-http-domain: "4095675862"
    certmanager.k8s.io/acme-http-token: "657526223"
  name: cm-acme-http-solver-jr4fg
  namespace: default
  ownerReferences:
  - apiVersion: certmanager.k8s.io/v1alpha1
    blockOwnerDeletion: true
    controller: true
    kind: Challenge
    name: letsencrypt-staging-2613163196-0
    uid: 638f1701-471b-11e9-a113-e27267a7d354
  resourceVersion: "628284"
  selfLink: /apis/extensions/v1beta1/namespaces/default/ingresses/cm-acme-http-solver-jr4fg
  uid: 640ef483-471b-11e9-a113-e27267a7d354
spec:
  rules:
  - host: test1kongletsencrypt.possibilit.nl
    http:
      paths:
      - backend:
          serviceName: cm-acme-http-solver-svmvw
          servicePort: 8089
        path: /.well-known/acme-challenge/W7-9-KuPao_jg6EF5E2FXitFs8shOEsY5PlT9EEvNxE
status:
  loadBalancer:
    ingress:
    - ip: 52.166.60.158 
  • 我们的
    kong-ingres-zcrm365
    资源入口的详细信息如下:
letsencypt暂存证书具有以下详细信息

⟩ kubectl describe certificate letsencrypt-staging
Name:         letsencrypt-staging
Namespace:    default
Labels:       <none>
Annotations:  <none>
API Version:  certmanager.k8s.io/v1alpha1
Kind:         Certificate
Metadata:
  Creation Timestamp:  2019-03-15T12:10:55Z
  Generation:          1
  Owner References:
    API Version:           extensions/v1beta1
    Block Owner Deletion:  true
    Controller:            true
    Kind:                  Ingress
    Name:                  kong-ingress-zcrm365
    UID:                   8643558f-4713-11e9-a113-e27267a7d354
  Resource Version:        628164
  Self Link:               /apis/certmanager.k8s.io/v1alpha1/namespaces/default/certificates/letsencrypt-staging
  UID:                     62b3a31e-471b-11e9-a113-e27267a7d354
Spec:
  Acme:
    Config:
      Domains:
        test1kongletsencrypt.possibilit.nl
      Http 01:
  Dns Names:
    test1kongletsencrypt.possibilit.nl
  Issuer Ref:
    Kind:       ClusterIssuer
    Name:       letsencrypt-staging
  Secret Name:  letsencrypt-staging
Status:
  Conditions:
    Last Transition Time:  2019-03-15T12:10:55Z
    Message:               Certificate issuance in progress. Temporary certificate issued.
    Reason:                TemporaryCertificate
    Status:                False
    Type:                  Ready
Events:
  Type    Reason              Age    From          Message
  ----    ------              ----   ----          -------
  Normal  Generated           7m24s  cert-manager  Generated new private key
  Normal  GenerateSelfSigned  7m24s  cert-manager  Generated temporary self signed certificate
  Normal  OrderCreated        7m23s  cert-manager  Created Order resource "letsencrypt-staging-2613163196"
[I] 
~/workspace/ZCRM365/Deployments/Kubernetes/cert-manager · (Deployments±)
据我所知,如果letsencrypt证书完成订单并颁发证书,在
letsencrypt staging
secret中,我将拥有一个tls.crt密钥,也许我的
letsencrypt staging
将是tls类型而不是不透明的

  • 当我看到cert manager pod的日志时,我得到以下输出,我认为http质询没有执行:
我收到此消息
未找到证书“default/letsencrypt-staging-26113163196-0”的现有HTTP01质询求解器pod
根据这一点,我决定将
certmanager.k8s.io/acme-challenge-type:http01
注释添加到我的
kong-ingres-zcrm365
ingres中,但什么都没有发生。。。我的入口已更新,但仅此而已

所有这些过程都确认TLS证书未成功颁发,并且HTTPS加密对于已配置的我的域test1kongletsencrypt.possibilit.nl未处于活动状态

这将使我的letsencrypt暂存证书具有
状态:False
,并且order created事件不会前进到completed以发出



  Conditions:
    Last Transition Time:  2019-03-15T12:10:55Z
    Message:               Certificate issuance in progress. Temporary certificate issued.
    Reason:                TemporaryCertificate
    Status:                False
    Type:                  Ready
Events:
  Type    Reason              Age                From          Message
  ----    ------              ----               ----          -------
  Normal  Generated           51m                cert-manager  Generated new private key
  Normal  GenerateSelfSigned  51m                cert-manager  Generated temporary self signed certificate
  Normal  Cleanup             5m42s              cert-manager  Deleting old Order resource "letsencrypt-staging-2613163196"
  Normal  OrderCreated        5m42s              cert-manager  Created Order resource "letsencrypt-staging-2965106631"
  Normal  OrderCreated        39s (x2 over 51m)  cert-manager  Created Order resource "letsencrypt-staging-2613163196"
  Normal  Cleanup             39s                cert-manager  Deleting old Order resource "letsencrypt-staging-2965106631"
[I] 
~/workspace/ZCRM365/Deployments/Kubernetes/cert-manager · (Deployments±)
如何将我的证书签名并成功地由letsencrypt CA颁发并激活https加密活动? 这些日志和消息发生了什么

kubectl logs -n kube-system cert-manager-6f68b58796-q7txg

0315 13:06:11.027204       1 logger.go:103] Calling Discover
I0315 13:06:11.032299       1 ingress.go:49] Looking up Ingresses for selector certmanager.k8s.io/acme-http-domain=4095675862,certmanager.k8s.io/acme-http-token=657526223
I0315 13:06:11.046081       1 sync.go:173] propagation check failed: wrong status code '404', expected '200'
I0315 13:06:11.046109       1 controller.go:212] challenges controller: Finished processing work item "default/letsencrypt-staging-2613163196-0"
I0315 13:06:21.046242       1 controller.go:206] challenges controller: syncing item 'default/letsencrypt-staging-2613163196-0'
我听说letsencrypt登台环境只有测试证书,这些是一种“假证书”,可能有些客户端,比如我的chrome/firefox浏览器不信任证书颁发者

这是我无法在我的域上启用https加密的原因吗? 在肯定的情况下,我是否应该从暂存环境更改为生产环境

有些人谈论这一点,但他们强调:

应该使用登台环境来测试您的客户机是否工作正常,是否可以生成挑战、证书和证书


在我的情况下,http质询不会在暂存环境中生成:(

以下是我通常使用的注释:

"ingress.kubernetes.io/ssl-redirect": "true",
"certmanager.k8s.io/cluster-issuer": "letsencrypt-production",
# I'd suggest adding these 2 below
"kubernetes.io/tls-acme": "true",
"kubernetes.io/ingress.class": "nginx"
此外,您没有发现此错误:

I0315 12:10:58.033431       1 sync.go:173] propagation check failed: wrong status code '404', expected '200'

我不确定这里到底出了什么问题,你的域名应该解析为你的入口,你应该能够访问
yourdomain.name/.well-known/acme challenge/W7-9-KuPao\u jg6EF5E2FXitFs8shOEsY5PlT9EEvNxE
(根据你的日志,这是加密验证响应url)

如果我添加
“kubernetes.io/ingres.class”:“nginx”
注释,这破坏了我的入口,因为我使用的入口控制器是kong而不是ngnx。我添加了
ingres.kubernetes.io/ssl-redirect:“true”
kubernetes.io/tls-acme:“true”
kubernetes.io/tls-acme:“true”
,但没有任何更改,证书管理器日志与此类似这是证书管理器pod日志
I0317 21:16:32.998741 1 pod.go:89]找到了pod“default/cm-acme-http-solver-mp9qc”,acme订单url注释设置为证书“default/letsencrypt-staging-2613631196-0”的url注释但它不属于证书资源,因此跳过它。I0317 21:16:32.998773 1入口。go:49]查找选择器certmanager的入口。k8s.io/acme http domain=4095675862,certmanager.k8s.io/acme http token=657526223 I0317 21:16:33.011474 1同步。go:173]传播检查失败:错误的状态代码“404”,预期为“200”
关于
kubernetes.io/tls-acme:true
此注释需要对
ingress shim
进行额外配置,即必须将默认颁发者指定为ingress shim容器的参数。但当前helm chart cert manager表示不需要启用shim,现在,我转到
yourdomain.name/.well-known/acme challenge/W7-9-KuPao_jg6EF5E2FXitFs8shOEsY5PlT9EEvNxE
这意味着
https://test1kongletsencrypt.possibilit.nl/.well-known/acme-challenge/W7-9-KuPao_jg6EF5E2FXitFs8shOEsY5PlT9EEvNxE
我得到了错误404。我一直在探索一些
证书管理器的问题,我发现了这个问题,但我不确定是否可能uld与我的情况有关
⟩ kubectl describe ingress  kong-ingress-zcrm365 
Name:             kong-ingress-zcrm365
Namespace:        default
Address:          52.166.60.158
Default backend:  default-http-backend:80 (<none>)
TLS:
  cert-manager-webhook-webhook-tls terminates test1kongletsencrypt.possibilit.nl
Rules:
  Host                                Path  Backends
  ----                                ----  --------
  test1kongletsencrypt.possibilit.nl  
                                      /   zcrm365dev:80 (<none>)
Annotations:
  kubectl.kubernetes.io/last-applied-configuration:  {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{},"name":"kong-ingress-zcrm365","namespace":"default"},"spec":{"rules":[{"host":"test1kongletsencrypt.possibilit.nl","http":{"paths":[{"backend":{"serviceName":"zcrm365dev","servicePort":80},"path":"/"}]}}],"tls":[{"hosts":["test1kongletsencrypt.possibilit.nl"],"secretName":"cert-manager-webhook-webhook-tls"}]}}

Events:
  Type    Reason  Age    From                     Message
  ----    ------  ----   ----                     -------
  Normal  CREATE  3m30s  kong-ingress-controller  Ingress default/kong-ingress-zcrm365
  Normal  UPDATE  3m28s  kong-ingress-controller  Ingress default/kong-ingress-zcrm365
[I] 
apiVersion: certmanager.k8s.io/v1alpha1
kind: ClusterIssuer
metadata:
 name: letsencrypt-staging
spec:
 acme:
   # The ACME server URL
   server: https://acme-staging-v02.api.letsencrypt.org/directory
   # Email address used for ACME registration
   email: b.garcia@possibilit.nl
   # Name of a secret used to store the ACME account private key
   privateKeySecretRef:
     name: letsencrypt-staging
   # Enable the HTTP-01 challenge provider
   http01: {}
⟩ kubectl apply -f 01-lets-encrypt-issuer-staging.yaml 
clusterissuer.certmanager.k8s.io/letsencrypt-staging created
[I] 
⟩ kubectl describe clusterissuers letsencrypt-staging
Name:         letsencrypt-staging
Namespace:    
Labels:       <none>
Annotations:  kubectl.kubernetes.io/last-applied-configuration:
                {"apiVersion":"certmanager.k8s.io/v1alpha1","kind":"ClusterIssuer","metadata":{"annotations":{},"name":"letsencrypt-staging"},"spec":{"acm...
API Version:  certmanager.k8s.io/v1alpha1
Kind:         ClusterIssuer
Metadata:
  Creation Timestamp:  2019-03-15T11:38:03Z
  Generation:          1
  Resource Version:    623999
  Self Link:           /apis/certmanager.k8s.io/v1alpha1/clusterissuers/letsencrypt-staging
  UID:                 cb48b391-4716-11e9-a113-e27267a7d354
Spec:
  Acme:
    Email:  b.garcia@possibilit.nl
    Http 01:
    Private Key Secret Ref:
      Name:  letsencrypt-staging
    Server:  https://acme-staging-v02.api.letsencrypt.org/directory
Status:
  Acme:
    Uri:  https://acme-staging-v02.api.letsencrypt.org/acme/acct/8579841
  Conditions:
    Last Transition Time:  2019-03-15T11:38:05Z
    Message:               The ACME account was registered with the ACME server
    Reason:                ACMEAccountRegistered
    Status:                True
    Type:                  Ready
Events:                    <none>
[I] 
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: kong-ingress-zcrm365
  #namespace: default
  annotations:
    # kubernetes.io/ingress.class: "nginx" #new
    # certmanager.k8s.io/acme-challenge-type: http01

    # add an annotation indicating the issuer to use.
    certmanager.k8s.io/cluster-issuer: letsencrypt-staging

spec:
  rules: 
  - host: test1kongletsencrypt.possibilit.nl
    http:
      paths:
        - path: "/"
          backend:
            serviceName: zcrm365dev
            servicePort: 80    
  tls: 
  - hosts: 
    - test1kongletsencrypt.possibilit.nl
    secretName:  letsencrypt-staging # I've added this secret of letsencrypt cluster issuer
⟩ kubectl apply -f 03-zcrm365-ingress.yaml 
ingress.extensions/kong-ingress-zcrm365 configured
[I]
⟩ kubectl get ingress 
NAME                        HOSTS                                ADDRESS         PORTS     AGE
cm-acme-http-solver-jr4fg   test1kongletsencrypt.possibilit.nl                   80        33s
kong-ingress-zcrm365        test1kongletsencrypt.possibilit.nl   52.166.60.158   80, 443   56m
[I] 
⟩ kubectl get ingress cm-acme-http-solver-jr4fg -o yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/whitelist-source-range: 0.0.0.0/0
  creationTimestamp: "2019-03-15T12:10:57Z"
  generateName: cm-acme-http-solver-
  generation: 1
  labels:
    certmanager.k8s.io/acme-http-domain: "4095675862"
    certmanager.k8s.io/acme-http-token: "657526223"
  name: cm-acme-http-solver-jr4fg
  namespace: default
  ownerReferences:
  - apiVersion: certmanager.k8s.io/v1alpha1
    blockOwnerDeletion: true
    controller: true
    kind: Challenge
    name: letsencrypt-staging-2613163196-0
    uid: 638f1701-471b-11e9-a113-e27267a7d354
  resourceVersion: "628284"
  selfLink: /apis/extensions/v1beta1/namespaces/default/ingresses/cm-acme-http-solver-jr4fg
  uid: 640ef483-471b-11e9-a113-e27267a7d354
spec:
  rules:
  - host: test1kongletsencrypt.possibilit.nl
    http:
      paths:
      - backend:
          serviceName: cm-acme-http-solver-svmvw
          servicePort: 8089
        path: /.well-known/acme-challenge/W7-9-KuPao_jg6EF5E2FXitFs8shOEsY5PlT9EEvNxE
status:
  loadBalancer:
    ingress:
    - ip: 52.166.60.158 
⟩ kubectl describe  ingress kong-ingress-zcrm365
Name:             kong-ingress-zcrm365
Namespace:        default
Address:          52.166.60.158
Default backend:  default-http-backend:80 (<none>)
TLS:
  letsencrypt-staging terminates test1kongletsencrypt.possibilit.nl
Rules:
  Host                                Path  Backends
  ----                                ----  --------
  test1kongletsencrypt.possibilit.nl  
                                      /   zcrm365dev:80 (<none>)
Annotations:
  certmanager.k8s.io/cluster-issuer:                 letsencrypt-staging
  kubectl.kubernetes.io/last-applied-configuration:  {"apiVersion":"extensions/v1beta1","kind":"Ingress","metadata":{"annotations":{"certmanager.k8s.io/cluster-issuer":"letsencrypt-staging"},"name":"kong-ingress-zcrm365","namespace":"default"},"spec":{"rules":[{"host":"test1kongletsencrypt.possibilit.nl","http":{"paths":[{"backend":{"serviceName":"zcrm365dev","servicePort":80},"path":"/"}]}}],"tls":[{"hosts":["test1kongletsencrypt.possibilit.nl"],"secretName":"letsencrypt-staging"}]}}

Events:
  Type    Reason             Age                  From                     Message
  ----    ------             ----                 ----                     -------
  Normal  CREATE             60m                  kong-ingress-controller  Ingress default/kong-ingress-zcrm365
  Normal  UPDATE             4m25s (x2 over 60m)  kong-ingress-controller  Ingress default/kong-ingress-zcrm365
  Normal  CreateCertificate  4m25s                cert-manager             Successfully created Certificate "letsencrypt-staging"
[I] 
⟩ kubectl get certificates 
NAME
letsencrypt-staging
[I]
⟩ kubectl describe certificate letsencrypt-staging
Name:         letsencrypt-staging
Namespace:    default
Labels:       <none>
Annotations:  <none>
API Version:  certmanager.k8s.io/v1alpha1
Kind:         Certificate
Metadata:
  Creation Timestamp:  2019-03-15T12:10:55Z
  Generation:          1
  Owner References:
    API Version:           extensions/v1beta1
    Block Owner Deletion:  true
    Controller:            true
    Kind:                  Ingress
    Name:                  kong-ingress-zcrm365
    UID:                   8643558f-4713-11e9-a113-e27267a7d354
  Resource Version:        628164
  Self Link:               /apis/certmanager.k8s.io/v1alpha1/namespaces/default/certificates/letsencrypt-staging
  UID:                     62b3a31e-471b-11e9-a113-e27267a7d354
Spec:
  Acme:
    Config:
      Domains:
        test1kongletsencrypt.possibilit.nl
      Http 01:
  Dns Names:
    test1kongletsencrypt.possibilit.nl
  Issuer Ref:
    Kind:       ClusterIssuer
    Name:       letsencrypt-staging
  Secret Name:  letsencrypt-staging
Status:
  Conditions:
    Last Transition Time:  2019-03-15T12:10:55Z
    Message:               Certificate issuance in progress. Temporary certificate issued.
    Reason:                TemporaryCertificate
    Status:                False
    Type:                  Ready
Events:
  Type    Reason              Age    From          Message
  ----    ------              ----   ----          -------
  Normal  Generated           7m24s  cert-manager  Generated new private key
  Normal  GenerateSelfSigned  7m24s  cert-manager  Generated temporary self signed certificate
  Normal  OrderCreated        7m23s  cert-manager  Created Order resource "letsencrypt-staging-2613163196"
[I] 
~/workspace/ZCRM365/Deployments/Kubernetes/cert-manager · (Deployments±)
⟩ kubectl describe secrets letsencrypt-staging -n kube-system
Name:         letsencrypt-staging
Namespace:    kube-system
Labels:       <none>
Annotations:  <none>

Type:  Opaque

Data
====
tls.key:  1675 bytes
[I] 
I0315 12:10:57.833858       1 logger.go:103] Calling Discover
I0315 12:10:57.856136       1 pod.go:64] No existing HTTP01 challenge solver pod found for Certificate "default/letsencrypt-staging-2613163196-0". One will be created.
I0315 12:10:57.923080       1 service.go:51] No existing HTTP01 challenge solver service found for Certificate "default/letsencrypt-staging-2613163196-0". One will be created.
I0315 12:10:57.989596       1 ingress.go:49] Looking up Ingresses for selector certmanager.k8s.io/acme-http-domain=4095675862,certmanager.k8s.io/acme-http-token=657526223
I0315 12:10:57.989682       1 ingress.go:98] No existing HTTP01 challenge solver ingress found for Challenge "default/letsencrypt-staging-2613163196-0". One will be created.
I0315 12:10:58.014803       1 controller.go:178] ingress-shim controller: syncing item 'default/cm-acme-http-solver-jr4fg'
I0315 12:10:58.014842       1 sync.go:64] Not syncing ingress default/cm-acme-http-solver-jr4fg as it does not contain necessary annotations
I0315 12:10:58.014846       1 controller.go:184] ingress-shim controller: Finished processing work item "default/cm-acme-http-solver-jr4fg"
I0315 12:10:58.015447       1 ingress.go:49] Looking up Ingresses for selector certmanager.k8s.io/acme-http-domain=4095675862,certmanager.k8s.io/acme-http-token=657526223
I0315 12:10:58.033431       1 sync.go:173] propagation check failed: wrong status code '404', expected '200'
I0315 12:10:58.079504       1 controller.go:212] challenges controller: Finished processing work item "default/letsencrypt-staging-2613163196-0"
I0315 12:10:58.079616       1 controller.go:206] challenges controller: syncing item 'default/letsencrypt-staging-2613163196-0'
I0315 12:10:58.079569       1 controller.go:184] orders controller: syncing item 'default/letsencrypt-staging-2613163196'


  Conditions:
    Last Transition Time:  2019-03-15T12:10:55Z
    Message:               Certificate issuance in progress. Temporary certificate issued.
    Reason:                TemporaryCertificate
    Status:                False
    Type:                  Ready
Events:
  Type    Reason              Age                From          Message
  ----    ------              ----               ----          -------
  Normal  Generated           51m                cert-manager  Generated new private key
  Normal  GenerateSelfSigned  51m                cert-manager  Generated temporary self signed certificate
  Normal  Cleanup             5m42s              cert-manager  Deleting old Order resource "letsencrypt-staging-2613163196"
  Normal  OrderCreated        5m42s              cert-manager  Created Order resource "letsencrypt-staging-2965106631"
  Normal  OrderCreated        39s (x2 over 51m)  cert-manager  Created Order resource "letsencrypt-staging-2613163196"
  Normal  Cleanup             39s                cert-manager  Deleting old Order resource "letsencrypt-staging-2965106631"
[I] 
~/workspace/ZCRM365/Deployments/Kubernetes/cert-manager · (Deployments±)
kubectl logs -n kube-system cert-manager-6f68b58796-q7txg

0315 13:06:11.027204       1 logger.go:103] Calling Discover
I0315 13:06:11.032299       1 ingress.go:49] Looking up Ingresses for selector certmanager.k8s.io/acme-http-domain=4095675862,certmanager.k8s.io/acme-http-token=657526223
I0315 13:06:11.046081       1 sync.go:173] propagation check failed: wrong status code '404', expected '200'
I0315 13:06:11.046109       1 controller.go:212] challenges controller: Finished processing work item "default/letsencrypt-staging-2613163196-0"
I0315 13:06:21.046242       1 controller.go:206] challenges controller: syncing item 'default/letsencrypt-staging-2613163196-0'
"ingress.kubernetes.io/ssl-redirect": "true",
"certmanager.k8s.io/cluster-issuer": "letsencrypt-production",
# I'd suggest adding these 2 below
"kubernetes.io/tls-acme": "true",
"kubernetes.io/ingress.class": "nginx"
I0315 12:10:58.033431       1 sync.go:173] propagation check failed: wrong status code '404', expected '200'