SSL certs

[xavierperez06]

Hello, hope you are having a great day.

I was going through the code, and i'm trying to understand how SSL works. I know that is using letsencrypt, and i think i have everything correctly configured. But when i access the site, i'm still having the fake cert Kubernetes Ingress Controller Fake Certificate.

So my question is, beside deploying everything and running the github actions. Should i be doing any extra step in order to make SSL works?

Thanks

[lpm0073]

Cookiecutter uses this drop-in k8s solution for ssl: https://cert-manager.io/
it's basically automatic pilot, thus, if you're having problems then best guess is that it's related to how your DNS is setup for your root domain, noting that this needs to be accessible to and writable by Terraform (ie it needs to be hosted in AWS Route53).

[xavierperez06]

Thanks for the quick reply, my root domain is hosted in route 53.

And this hosted zone ID, is the ID for my root domain... Worth mentioning that the domain was hosted in GoDaddy and then trasfered to AWS

[lpm0073]

btw, on more than one occasion i've mistakenly populated hostedZoneID with the value for the root domain rather than the environment domain. just want to confirm that you've not made a similar mistake. To be sure, you should probably have TWO hosted zones in your AWS account: one for the root domain (ie mydomain.edu) and a second for your environment domain (ie courses.mydomain.edu)

[xavierperez06]

Oooh, yes... This was the issue, i had the hostedZoneID for my root domain configured insted of the environment one... Thank you so much for your help, and your awesome work.

[lpm0073]

ok. For trouble shooting purposes, a couple more screens in k9s that you can investigate are: orders (orders.acme.cert-manager.io ) and CertificateRequests (cert-manager.io/v1/certificaterequests). in cases where either an ssl cert has expired, or simply has not issued like in your case, i've been able to find good diagnostics from both of these screens.

The last time i had to trouble shoot a problem like yours, the root cause was that the SOA records in Route53 for the root domain where incorrect. that is, the root problem was not actually related to cert-manager at all.

[xavierperez06]

So the issue was that i had configured the hostedZoneID for the root domain instead of the environment domain like @lpm0073 said.