SSL Certificate Issues with Tutor on AWS EKS - Let's Encrypt DNS Validation Failing

Problem Description

I’ve deployed Open edX using Tutor on AWS EKS (Kubernetes), but I’m encountering SSL certificate issuance failures. Let’s Encrypt cannot validate my domains due to DNS resolution issues, even though I have Route 53 configured properly.

Note: Domain names in this post are anonymized (e.g., manabu.mysite.com.sg is the LMS_HOST).

Current Configuration

Route 53 Setup:

  1. manabu.mysite.com.sg → A Record → ALIAS to ALB (k8s-openedx-caddy-xxxxx.elb.ap-southeast-1.amazonaws.com)
  2. *.manabu.mysite.com.sg → A Record → ALIAS to ALB (k8s-openedx-caddy-xxxxx.elb.ap-southeast-1.amazonaws.com)

Caddy logs show repeated DNS validation failures:

“no valid A records found for meilisearch.manabu.mysite.com.sg”
“no valid A records found for apps.manabu.mysite.com.sg”
“no valid A records found for manabu.mysite.com.sg”
“no valid A records found for preview.manabu.mysite.com.sg”
“no valid A records found for studio.manabu.mysite.com.sg”

Also getting ZeroSSL errors after DNS fails:

“account pre-registration callback: failed getting EAB credentials: HTTP 422: caddy_legacy_user_removed”

Current status:

Please help me fix this.

Thank you.

Solved.

Turns out the load balancer scheme was internal; changed it to internet-facing, and the problem is solved.
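
A check for the condition behind the fix above, as an added example that is not part of the original posts: an internal-scheme ALB resolves to VPC-private addresses, so this script flags hostnames whose A records contain no publicly routable address. The sample addresses are constructed, and the script assumes a public CA cannot validate a hostname that has only non-public A records.

```python
import ipaddress
import socket
import sys

def resolve_a(host):
    """Live lookup: IPv4 addresses the local resolver returns for host.
    Run it from outside the VPC so the answer matches what a public CA sees."""
    try:
        infos = socket.getaddrinfo(host, 443, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def classify(addresses):
    """Split addresses into (publicly routable, everything else)."""
    public, non_public = [], []
    for addr in addresses:
        bucket = public if ipaddress.ip_address(addr).is_global else non_public
        bucket.append(addr)
    return public, non_public

def diagnose(records):
    """Map {hostname: [ip, ...]} to a verdict per hostname."""
    verdicts = {}
    for host, addrs in records.items():
        public, non_public = classify(addrs)
        if public:
            verdicts[host] = "ok"
        elif non_public:
            # Typical of an ALIAS to an internal-scheme load balancer.
            verdicts[host] = "private-only"
        else:
            verdicts[host] = "no-records"
    return verdicts

# Constructed sample (addresses are not from the post): what the anonymized
# hostnames would resolve to while the ALB scheme is internal.
SAMPLE_INTERNAL = {
    "manabu.mysite.com.sg": ["10.0.12.34", "10.0.45.67"],
    "studio.manabu.mysite.com.sg": ["10.0.12.34", "10.0.45.67"],
    "apps.manabu.mysite.com.sg": ["10.0.12.34", "10.0.45.67"],
}

if __name__ == "__main__":
    hosts = sys.argv[1:]  # pass real hostnames for a live check
    records = {h: resolve_a(h) for h in hosts} if hosts else SAMPLE_INTERNAL
    for host, verdict in diagnose(records).items():
        print(f"{host}: {verdict} {records[host]}")
```

A "private-only" verdict for every hostname points at the load balancer scheme rather than at the Route 53 records themselves.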