Domain issue when deploy to EKS

Site Operators Tutor Help
1

Dear team,

I have an issue related domain when I deploy to EKS.

➜ kubectl get pods -n openedx
NAME READY STATUS RESTARTS AGE
caddy-ddc79dd5b-rggvg 1/1 Running 0 28m
cms-68fcf44757-vgpm5 0/1 CrashLoopBackOff 8 (23s ago) 17m
cms-worker-848f9db986-5sgsh 1/1 Running 0 28m
lms-7bc78d9877-tb67n 0/1 CrashLoopBackOff 8 (32s ago) 17m
lms-job-20251117224956-x9vbm 0/1 Completed 0 28m
lms-job-20251117225051-dk2pp 0/1 Completed 0 28m
lms-job-20251117225057-fnnmj 0/1 Error 0 27m
lms-job-20251117225057-pjtkn 0/1 Error 0 27m
lms-job-20251117225719-stbgt 0/1 Completed 0 21m
lms-job-20251117225739-pp6jg 0/1 Completed 0 21m
lms-job-20251117225745-5hx5v 0/1 Error 0 20m
lms-job-20251117225745-cnbk6 0/1 Error 0 21m
lms-worker-65c67668f5-6sdnm 1/1 Running 0 28m
meilisearch-666586ccb6-cztrw 1/1 Running 0 28m
mfe-677697cff8-mjtgc 1/1 Running 0 28m
minio-6958b448bc-m7hgt 1/1 Running 0 28m
minio-job-20251117225003-qv2nc 0/1 Completed 0 28m
minio-job-20251117225726-2lcrz 0/1 Completed 0 21m
mongodb-cb86586bc-b9nvh 1/1 Running 0 28m
mysql-64b4b7449c-7dh6c 1/1 Running 0 28m
mysql-job-20251117225024-mhjsv 0/1 Completed 0 28m
mysql-job-20251117225733-bv5m2 0/1 Completed 0 21m
redis-74f5ddb96-mftfk 1/1 Running 0 28m
smtp-5896895cb5-7djdz 1/1 Running 0 28m

File “/openedx/venv/lib/python3.11/site-packages/botocore/endpoint.py”, line 383, in _send
return self.http_session.send(request)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File “/openedx/venv/lib/python3.11/site-packages/botocore/httpsession.py”, line 491, in send
raise SSLError(endpoint_url=request.url, error=e)
botocore.exceptions.SSLError: SSL validation failed for https://files.manabu.example.com.sg/openedx/badges/badges/honor.png [SSL: UNEXPECTED_EOF_WHILE_READING] EOF occurred in violation of protocol (_ssl.c:1006)
Applying certificates.0003_data__default_modes…

How to fix it?

Thank you.

2

You don’t seem to have the SSL certificates properly set up. You need point a domain name you own to the load balancer EKS provisions (I’m assuming you have the most vanilla configuration possible).

Usually the caddy service is the one that provides the load balancer, you can check all your load balancers like this:

kubectl get svc -A | grep -i loadbalancer

Caddy automatically generates the appropriate certificates using an ACME endpoint, but you need to point all the domains for this to work correctly.

3

Thank you so much.