Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
Is this a request for help?: Yes
What keywords did you search in NGINX Ingress controller issues before filing this one?: ssl local resolution
Is this a BUG REPORT or FEATURE REQUEST?: BUG REPORT
NGINX Ingress controller version: 0.26.1
Kubernetes version: 1.16.1 client/ 1.14 server
Both services are in the same pod.
Intermittently, requests from service A to service B will fail. Trying to reproduce this error by doing manual requests outside of the pod with the following command never throws that same error
But if we execute this same command inside the ingress-nginx pod, it will start throwing intermittent errors:
Analyzing the openssl output, we see that sometimes its only returning the fake default certificate instead of the LetsEncrypt one, and those cases are the ones raising errors:
What you expected to happen:
The ssl certificate used for every request, both local and external, would be the LetsEncrypt one.
Do you see this behaviour with only 0.26.1? Can you try 0.25.1 and see what happens with that.
Also please post the Nginx logs.
Most importantly the best possible way to make sure these kind of issues get addressed is to PR an e2e test that fails because of this.
I had the same problem on 0.26.1. After downgrade to 0.25.1 everything is OK.
On 0.26.1 it looks like the challenge URL wasn't available, so no certificate could be obtained from cert-manager. So there was only private key in Certificate resource(thus fake default certificate was received).