Hi. I’m trying to deploy an ingress which looks like this:
```
kind: Ingress
metadata:
  name: "shuffle-ingress"
  namespace: "shuffle"
  annotations:
    alb.ingress.kubernetes.io/scheme: 'internet-facing'
    alb.ingress.kubernetes.io/target-type: 'ip'
    alb.ingress.kubernetes.io/group.name: 'my-ingress-group'
    alb.ingress.kubernetes.io/load-balancer-name: 'alb-shared'
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
    alb.ingress.kubernetes.io/certificate-arn: 'arn:aws:acm:us-east-1:xxxxxxx'
    alb.ingress.kubernetes.io/ssl-policy: 'ELBSecurityPolicy-TLS13-1-2-2021-06'
    alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}'
    external-dns.alpha.kubernetes.io/hostname: shuffle.my-site.com
  labels:
    app: 'shuffle'
spec:
  ingressClassName: 'alb'
  rules:
    - host: 'shuffle.my-site.com'
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: "frontend"
                port:
                  number: 80
```
And this is the service of the frontend:
```
apiVersion: v1
kind: Service
metadata:
  namespace: shuffle
  annotations:
    kompose.cmd: kompose convert -f docker-compose.yml
    kompose.version: 1.26.0 (40646f47)
  creationTimestamp: null
  labels:
    io.kompose.service: frontend
  name: frontend
spec:
  type: NodePort
  ports:
    - name: "80"
      port: 80
      targetPort: 80
      nodePort: 30007
    - name: "443"
      port: 443
      targetPort: 443
      nodePort: 30008
  selector:
    io.kompose.service: frontend
# status:
#   loadBalancer: {}
```
It already worked on my ALB. But I started to get this error log on the pod of the AWS LB controller:
```
{"level":"error","ts":"2025-05-26T12:03:37Z","msg":"Reconciler error","controller":"ingress","object":{"name":"my-ingress-group"},"namespace":"","name":"my-ingress-group","reconcileID":"xxxx","error":"operation error Elastic Load Balancing v2: CreateListener, https response error StatusCode: 400, RequestID: c0e3cc8c-xxxxxx, api error ValidationError: Certificate ARN 'arn:aws:acm:us-east-1:xxxxxxxx' is not valid"}
```
I already checked and the ARN is correct on the ingress. And the cert is still valid:
```
{
    "Certificate": {
        "CertificateArn": "arn:aws:acm:us-east-1:xxxxxxxxx",
        "DomainName": "*.my-site.com",
        "SubjectAlternativeNames": [
            "*.my-site.com"
        ],
        "DomainValidationOptions": [
            {
                "DomainName": "*.my-site.com",
                "ValidationDomain": "*.my-site.com",
                "ValidationStatus": "SUCCESS",
                "ResourceRecord": {
                    "Name": "_xxxxxxxxx.my-site.com.",
                    "Type": "CNAME",
                    "Value": "xxxxxxxxxxx.acm-validations.aws."
                },
                "ValidationMethod": "DNS"
            }
        ],
        "Serial": "XXXXXXXXXXXXXXXXXXXXXXXXX",
        "Subject": "CN=*.my-site.com",
        "Issuer": "Amazon",
        "CreatedAt": "2025-02-13T09:54:45.026000-03:00",
        "IssuedAt": "2025-02-13T09:55:29.153000-03:00",
        "Status": "ISSUED",
        "NotBefore": "2025-02-12T21:00:00-03:00",
        "NotAfter": "2026-03-14T20:59:59-03:00",
        "KeyAlgorithm": "RSA-2048",
        "SignatureAlgorithm": "SHA256WITHRSA",
        "InUseBy": [
            "arn:aws:elasticloadbalancing:us-east-1:xxxxxxxxxx:loadbalancer/app/alb-shared/xxxxxxxxxx"
        ],
        "Type": "AMAZON_ISSUED",
        "KeyUsages": [
            {
                "Name": "DIGITAL_SIGNATURE"
            },
            {
                "Name": "KEY_ENCIPHERMENT"
            }
        ],
        "ExtendedKeyUsages": [
            {
                "Name": "TLS_WEB_SERVER_AUTHENTICATION",
                "OID": "1.3.6.1.5.5.7.3.1"
            },
            {
                "Name": "TLS_WEB_CLIENT_AUTHENTICATION",
                "OID": "1.3.6.1.5.5.7.3.2"
            }
        ],
        "RenewalEligibility": "ELIGIBLE",
        "Options": {
            "CertificateTransparencyLoggingPreference": "ENABLED"
        }
    }
}
```
Can anyone help me here?