LetsEncrypt cert creation failing when on private network?

I’m configuring OpenReplay on EC2 in AWS. I have successfully completed the deployment and frontend integration on a public EC2 instance, using a LetsEncrypt SSL certificate.

I’m attempting to deploy it now within a VPC (private network) which I VPN into and route traffic through a gateway. The cert creation step appears to succeed:

ubuntu@ip-10-1-12-35:~/openreplay/scripts/helmcharts$ bash certmanager.sh
enter openreplay domain name: openreplay3.xxx.org
Enter your email address for letsencrypt certificate: xxx@xxx.org

[INFO]  Email address xxx@xxx.org is valid.
[INFO]  Installing cert-manager for auto letsencrypt certificate
customresourcedefinition.apiextensions.k8s.io/certificaterequests.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/certificates.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/challenges.acme.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/clusterissuers.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/issuers.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/orders.acme.cert-manager.io created
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /home/ubuntu/.kube/config
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /home/ubuntu/.kube/config
"jetstack" has been added to your repositories
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /home/ubuntu/.kube/config
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /home/ubuntu/.kube/config
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "jetstack" chart repository
Update Complete. ⎈Happy Helming!⎈
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /home/ubuntu/.kube/config
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /home/ubuntu/.kube/config
Release "cert-manager" does not exist. Installing it now.
NAME: cert-manager
LAST DEPLOYED: Tue Apr 30 04:28:11 2024
NAMESPACE: cert-manager
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
cert-manager v1.8.0 has been deployed successfully!

In order to begin issuing certificates, you will need to set up a ClusterIssuer
or Issuer resource (for example, by creating a 'letsencrypt-staging' issuer).

More information on the different types of issuers and how to configure them
can be found in our documentation:

https://cert-manager.io/docs/configuration/

For information on how to configure cert-manager to automatically provision
Certificates for Ingress resources, take a look at the `ingress-shim`
documentation:

https://cert-manager.io/docs/usage/ingress/
clusterissuer.cert-manager.io/letsencrypt-prod created

However, accessing the URL shows that it is still using the Kubernetes Ingress Controller Fake Certificate instead of the LetsEncrypt one.

How could I investigate further why this is the case and fix it?

Public SSL certificates like LetsEncrypt and other providers need the domain to be accessible from the internet to verify ownership. But as you mentioned, your server is in a private subnet, so that check will fail, which causes the LetsEncrypt certificate issuance to fail. Unfortunately, we won't be able to do anything about that.
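To see where the issuance actually stalls, the cert-manager resource chain (Certificate, Order, Challenge) records the reason on each object, and for an HTTP-01 challenge the ACME server must be able to fetch `http://<domain>/.well-known/acme-challenge/<token>` from the internet. The script below is an added example for this thread, not code from OpenReplay or cert-manager. It assumes it is run on the JSON printed by `kubectl get certificates,certificaterequests,orders,challenges -A -o json`; the embedded sample is constructed (resource names, token and status messages are illustrative), and the address 10.1.12.35 used by the sample resolver is taken from the instance hostname in the question.

```python
"""Triage a cert-manager Certificate that never becomes Ready.

Added example for this thread; not code from OpenReplay or cert-manager.
Reads the JSON printed by
  kubectl get certificates,certificaterequests,orders,challenges -A -o json
(a v1 List), reports the status/reason cert-manager recorded on each
Certificate and Challenge and, for HTTP-01 challenges, checks whether the
domain resolves to an address the ACME server could reach at all.
"""
import ipaddress
import json
import socket
import sys

# Constructed sample modelled on the thread: the Certificate is not Ready and
# the HTTP-01 Challenge for openreplay3.xxx.org is stuck pending. Field names
# follow the cert-manager API; names, token and messages are illustrative.
SAMPLE = json.dumps({
    "kind": "List",
    "items": [
        {
            "kind": "Certificate",
            "metadata": {"namespace": "app", "name": "openreplay-tls"},
            "spec": {"dnsNames": ["openreplay3.xxx.org"], "secretName": "openreplay-tls"},
            "status": {"conditions": [
                {"type": "Ready", "status": "False", "reason": "DoesNotExist",
                 "message": "Issuing certificate as Secret does not exist"}]},
        },
        {
            "kind": "Challenge",
            "metadata": {"namespace": "app", "name": "openreplay-tls-1-123-456"},
            "spec": {"type": "HTTP-01", "dnsName": "openreplay3.xxx.org",
                     "token": "CONSTRUCTED_TOKEN"},
            "status": {"state": "pending", "presented": True,
                       "reason": "Waiting for HTTP-01 challenge propagation: "
                                 "failed to perform self check GET request"},
        },
    ],
})


def sample_items():
    """The constructed sample as a list of resources."""
    return json.loads(SAMPLE)["items"]


def resolve(name):
    """Default resolver: every A/AAAA address for name, [] if it does not resolve."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(name, None)})
    except socket.gaierror:
        return []


def reachability(ip):
    """Classify an address from the ACME validation server's point of view."""
    addr = ipaddress.ip_address(ip)
    if addr.is_private or addr.is_loopback or addr.is_link_local:
        return "not reachable from the internet"
    return "public"


def triage(items, resolver=resolve):
    """Return one finding per problem found in the cert-manager resource list."""
    findings = []
    for item in items:
        ns, name = item["metadata"]["namespace"], item["metadata"]["name"]
        if item["kind"] == "Certificate":
            conds = item.get("status", {}).get("conditions", [])
            ready = next((c for c in conds if c["type"] == "Ready"), None)
            if ready is None:
                findings.append(f"Certificate {ns}/{name}: no Ready condition yet")
            elif ready["status"] != "True":
                findings.append(f"Certificate {ns}/{name} not Ready: "
                                f"{ready.get('reason')}: {ready.get('message')}")
        elif item["kind"] == "Challenge":
            spec, status = item["spec"], item.get("status", {})
            state = status.get("state", "unknown")
            if state != "valid":
                findings.append(f"Challenge {ns}/{name} ({spec['type']} for "
                                f"{spec['dnsName']}) state={state}: {status.get('reason', '')}")
            # DNS-01 is validated through a TXT record; only HTTP-01 needs the
            # domain to answer on port 80 from the internet.
            if spec["type"] == "HTTP-01":
                addrs = resolver(spec["dnsName"])
                if not addrs:
                    findings.append(f"{spec['dnsName']} does not resolve")
                for ip in addrs:
                    verdict = reachability(ip)
                    if verdict != "public":
                        findings.append(
                            f"{spec['dnsName']} resolves to {ip} ({verdict}); the ACME "
                            f"server cannot fetch http://{spec['dnsName']}"
                            f"/.well-known/acme-challenge/{spec.get('token', '<token>')}")
    return findings


def main(argv):
    # With a file argument, triage real kubectl output using live DNS; with no
    # argument, run the constructed sample with a fake resolver that returns
    # the VPC address of the instance in the thread.
    if len(argv) > 1:
        with open(argv[1]) as fh:
            findings = triage(json.load(fh)["items"])
    else:
        findings = triage(sample_items(), resolver=lambda n: ["10.1.12.35"])
    for line in findings or ["no problems found"]:
        print(line)


if __name__ == "__main__":
    main(sys.argv)
```

Run it as `kubectl get certificates,certificaterequests,orders,challenges -A -o json > cm.json && python3 triage.py cm.json`; a Challenge that stays `pending` together with a domain that resolves only to a 10.x address is the signature of the situation described in this thread, since the validation request from Let's Encrypt never reaches the ingress.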