Yes sure! If acme servers can't join your routers the HTTP challenge can't
be validated.

Maybe it could be nice to add optional support to this in openshift-ansible:
- deploy openshift-acme
- create a route in front of the kubernetes service with the proper
annotation

On Thu, Sep 6, 2018 at 08:27, Daniel Comnea <comnea.d...@gmail.com>
wrote:

> Very nice Mickael !
>
> Just a minor note (although I'm sure you know already) if others bump into
> this thread, this method works for public domains but it won't work if your
> domain is an internal/dev one (i.e. .local).
>
> Dani
>
> On Wed, Sep 5, 2018 at 4:11 PM Mickaël Canévet <mickael.cane...@gmail.com>
> wrote:
>
>> Thanks a lot Tobias,
>>
>> That helped a lot, it's working fine.
>> Now I have a Let's Encrypt certificate for my web console without using
>> an external reverse proxy \o/
>>
>> Kind regards,
>> Mickaël
>>
>> On Wed, Sep 5, 2018 at 13:17, Tobias Florek <opensh...@ibotty.net>
>> wrote:
>>
>>> Hi!
>>>
>>> It is certainly possible.
>>>
>>> You already have a "kubernetes" service in the default namespace. You
>>> only need to expose that service's https port with Reencrypt TLS-Policy
>>> and set the kubernetes.io/tls-acme=true annotation.
>>>
>>> Your unsuccessful try was missing the reencrypt tls policy.
>>>
>>> Cheers,
>>>  Tobias Florek
>>> _______________________________________________
>>> users mailing list
>>> users@lists.openshift.redhat.com
>>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>>>
>>
>>
>> --
>>   « Any society that would give up a little liberty to gain a little
>> security will deserve neither and lose both. »
>>   (Benjamin Franklin)
>>
>

-- 
  « Any society that would give up a little liberty to gain a little
security will deserve neither and lose both. »
  (Benjamin Franklin)
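
A pre-flight check for the setup discussed in this thread, as an added example that is not part of the original messages: it inspects a Route (in the shape `oc get route -o json` returns) for the annotation, the reencrypt TLS policy, and a host a public ACME server could validate. The function names, the suffix list and the sample routes are assumptions made for illustration.

```python
# Added example; names are hypothetical, sample routes are constructed.
ACME_ANNOTATION = "kubernetes.io/tls-acme"
# Special-use suffixes that a public ACME CA will not validate (assumed list).
NON_PUBLIC_SUFFIXES = {"local", "localhost", "internal", "test", "invalid", "example"}


def is_public_hostname(host):
    """True if host is a multi-label DNS name outside the special-use suffixes."""
    labels = host.rstrip(".").lower().split(".")
    if len(labels) < 2 or not all(labels):
        return False
    return labels[-1] not in NON_PUBLIC_SUFFIXES


def check_route(route):
    """Return the problems found in a Route dict (shape of `oc get route -o json`)."""
    problems = []
    annotations = (route.get("metadata") or {}).get("annotations") or {}
    spec = route.get("spec") or {}
    if annotations.get(ACME_ANNOTATION) != "true":
        problems.append("annotation %s=true is not set" % ACME_ANNOTATION)
    termination = (spec.get("tls") or {}).get("termination")
    if termination != "reencrypt":
        problems.append("tls termination is %r, not 'reencrypt'" % termination)
    host = spec.get("host") or ""
    if not is_public_hostname(host):
        problems.append("host %r is not public: HTTP challenge cannot be validated" % host)
    return problems


def make_route(host, termination=None, acme=True):
    """Build a constructed Route in front of the default/kubernetes service."""
    route = {
        "metadata": {"name": "console", "namespace": "default", "annotations": {}},
        "spec": {"host": host, "to": {"kind": "Service", "name": "kubernetes"},
                 "port": {"targetPort": "https"}},
    }
    if acme:
        route["metadata"]["annotations"][ACME_ANNOTATION] = "true"
    if termination:
        route["spec"]["tls"] = {"termination": termination}
    return route


if __name__ == "__main__":
    for r in (make_route("console.example.com", "reencrypt"),
              make_route("console.example.com"),              # no TLS policy
              make_route("console.dev.local", "reencrypt")):  # internal domain
        print(r["spec"]["host"], check_route(r) or "ok")
```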