Certificate Manager Errors on New SCIM Bridge Install

DavidRamage
Community Member

Good morning,
I have just completed installing a SCIM bridge on Kubernetes in AWS. Both the Redis and op-scim pods are up and running, the endpoint shows up as green in the load balancer, and the DNS record is created. Unfortunately I'm getting a bunch of certificate manager errors:

4:10PM ERR certificate manager error error="Error getting validation data" application=op-scim attempt=0 build=203004 component=CertificateManager elapsed=0 retry_time=0 subcomponent=certmagic version=2.3.0
4:10PM ERR certificate manager error error="authorization failed: HTTP 400 urn:ietf:params:acme:error:connection - Error getting validation data" application=op-scim attempt=1 build=203004 component=CertificateManager elapsed=0 retry_time=0 subcomponent=certmagic version=2.3.0
4:10PM ERR certificate manager error error="[my.redacted.hostname] Obtain: [my.redacted.hostname] solving challenges: my.redacted.hostname: no solvers available for remaining challenges (configured=[tls-alpn-01] offered=[http-01 dns-01 tls-alpn-01] remaining=[http-01 dns-01]) (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/48811328/2158610138) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)" application=op-scim attempt=14 build=203004 component=CertificateManager elapsed=64851.52 retry_time=21600 subcomponent=certmagic version=2.3.0

Thanks in advance for any help given.



Comments

  • DavidRamage
    Community Member

    I managed to resolve this myself, so I'm sharing what the problem was with the community.

    If you're using an AWS network load balancer (which I am) you need to enable sticky sessions. You must also disable proxy protocol.

  • Hi @DavidRamage. Glad to hear you managed to resolve this issue by yourself, and thank you for sharing the solution.
    Please reach out if you need any help.
    Kind regards, Hass
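
For anyone triaging the same log output, here is an added example (not part of the original posts and not 1Password code) that pulls the ACME error type and the challenge sets out of the certmagic lines quoted in the question. The `triage` function and its finding texts are hypothetical, and reading "configured but no longer remaining" as "attempted and failed" is an interpretation of the log message.

```python
import re

# Log lines taken from the question above (trailing key=value fields shortened).
SAMPLE_LOG = '''\
4:10PM ERR certificate manager error error="Error getting validation data" application=op-scim attempt=0 subcomponent=certmagic
4:10PM ERR certificate manager error error="authorization failed: HTTP 400 urn:ietf:params:acme:error:connection - Error getting validation data" application=op-scim attempt=1 subcomponent=certmagic
4:10PM ERR certificate manager error error="[my.redacted.hostname] Obtain: [my.redacted.hostname] solving challenges: my.redacted.hostname: no solvers available for remaining challenges (configured=[tls-alpn-01] offered=[http-01 dns-01 tls-alpn-01] remaining=[http-01 dns-01]) (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/48811328/2158610138) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)" application=op-scim attempt=14 subcomponent=certmagic
'''

ACME_ERR = re.compile(r"urn:ietf:params:acme:error:(\w+)")
SOLVERS = re.compile(r"(configured|offered|remaining)=\[([^\]]*)\]")


def triage(log_text):
    """Summarise ACME validation failures found in certmagic log lines."""
    out = {"acme_errors": set(), "configured": set(),
           "tried_and_failed": set(), "findings": []}
    for line in log_text.splitlines():
        if "subcomponent=certmagic" not in line:
            continue  # ignore unrelated application logging
        out["acme_errors"].update(ACME_ERR.findall(line))
        sets = {name: set(body.split()) for name, body in SOLVERS.findall(line)}
        if not sets:
            continue
        configured = sets.get("configured", set())
        offered = sets.get("offered", set())
        remaining = sets.get("remaining", set())
        out["configured"] |= configured
        # Offered by the CA and configured locally, but no longer "remaining":
        # interpreted here as a challenge that was attempted and did not validate.
        out["tried_and_failed"] |= (offered & configured) - remaining
    if "connection" in out["acme_errors"]:
        out["findings"].append(
            "CA could not connect to the host while validating the challenge.")
    if "tls-alpn-01" in out["tried_and_failed"]:
        # tls-alpn-01 (RFC 8737) needs the CA's TLS handshake on port 443 to
        # reach the certificate manager itself, byte for byte.
        out["findings"].append(
            "tls-alpn-01 failed: check that the load balancer passes TCP 443 "
            "through unmodified (no TLS termination, no PROXY protocol header).")
    return out


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG)["findings"]:
        print(finding)
```

With the three lines from the question, both findings fire, which is consistent with the fix reported in the comment above (proxy protocol disabled on the network load balancer).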

This discussion has been closed.