nginx load balancer can't get Let's Encrypt certificate


I'm using my own nginx ingress load balancer. What I am trying to do is create SSL files automatically using Let's Encrypt. I think my nginx.conf file has an error, but I can't quite find it.

I provided my configs and logs.

I created folder: /var/www/letsencrypt

nginx access.log:

"GET /.well-known/acme-challenge/Yop3zwchpFCM-h_cchYjiPwQ0LfINMwy4j0rNugMrmM HTTP/1.1" 404 162 "-" "cert-manager-challenges/v1.14.2 (linux/amd64) cert-manager/306e329365989f205185024a86de9b9d4bad10a5"

nginx error.log: (nothing much here)

[notice] 3129#3129: signal process started

cert-manager pod log:

err="wrong status code '404', expected '200'"

I've created a ClusterIssuer with the following YAML:

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: [email protected]
    privateKeySecretRef:
      name: letsencrypt
    solvers:
      - http01:
          ingress:
            class: nginx

And here is my ingress:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: longhorn-ingress
  namespace: longhorn-system
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
    cert-manager.io/cluster-issuer: letsencrypt
spec:
  tls:
    - hosts:
        - longhorn.medsoft.care
      secretName: longhorn.medsoft.care
  rules:
    - host: longhorn.medsoft.care
      http:
        paths:
          - pathType: Prefix
            path: "/"
            backend:
              service:
                name: longhorn-frontend
                port:
                  number: 80

# nginx.
http {
    ssl_protocols TLSv1.2 TLSv1.3;

    upstream kubernetes_https {
        server 10.20.30.82:443; # master01
        server 10.20.30.83:443; # master02
        server 10.20.30.84:443; # worker01
        server 10.20.30.85:443; # worker02
        # Add more servers as necessary

        # Health check configuration for Kubernetes API backend
        # seems to be a module that exists only in the paid nginx
        # health_check interval=5 fails=3 passes=2 uri=/healthz;
    }

    upstream kubernetes_http {
        server 10.20.30.82:80; # master01
        server 10.20.30.83:80; # master02
        server 10.20.30.84:80; # worker01
        server 10.20.30.85:80; # worker02
        # Add more servers as necessary

        # Health check configuration for Kubernetes node backend
        # seems to be a module that exists only in the paid nginx
        # health_check interval=5 fails=3 passes=2 uri=/healthz;
    }

    server {
        listen 443 ssl;

        ssl_certificate /etc/nginx/ssl/nginx.crt;
        ssl_certificate_key /etc/nginx/ssl/nginx.key;

        location ^~ /.well-known/acme-challenge/ {
            allow all;
            default_type "text/plain";
            root /var/www/letsencrypt;
        }

        location / {
            proxy_pass https://kubernetes_https;
            proxy_ssl_verify off;
            proxy_ssl_session_reuse on;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Original-URI $request_uri;
            try_files $uri $uri/index.html $uri.html =404;
        }
    }

    server {
        listen 80;

        location / {
            proxy_pass http://kubernetes_http;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Original-URI $request_uri;
        }
    }
}
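As an added example (not part of the question or of any project's code), the Python below models nginx's location selection for the two server blocks in the post and shows which handler the ACME HTTP-01 request reaches on each port; the location table is transcribed by hand from the posted nginx.conf and the challenge token is constructed.

```python
import re

# Routing model of the two server blocks from the question (transcribed by
# hand for this example; only directives relevant to location selection kept).
SERVERS = {
    443: [
        {"modifier": "^~", "uri": "/.well-known/acme-challenge/",
         "handler": "static files under /var/www/letsencrypt"},
        {"modifier": "", "uri": "/",
         "handler": "proxy_pass https://kubernetes_https (then try_files =404)"},
    ],
    80: [{"modifier": "", "uri": "/", "handler": "proxy_pass http://kubernetes_http"}],
}


def match_location(locations, path):
    """Select a location the way nginx does: an exact `=` match wins; otherwise
    the longest matching prefix is remembered and, if it carries `^~`, regex
    locations are skipped; otherwise the first matching regex (`~`, `~*`) wins,
    with the remembered prefix as fallback."""
    best_prefix = None
    for loc in locations:
        mod = loc["modifier"]
        if mod == "=" and path == loc["uri"]:
            return loc
        if mod in ("", "^~") and path.startswith(loc["uri"]):
            if best_prefix is None or len(loc["uri"]) > len(best_prefix["uri"]):
                best_prefix = loc
    if best_prefix is not None and best_prefix["modifier"] == "^~":
        return best_prefix
    for loc in locations:
        if loc["modifier"] in ("~", "~*"):
            flags = re.IGNORECASE if loc["modifier"] == "~*" else 0
            if re.search(loc["uri"], path, flags):
                return loc
    return best_prefix


def route(port, path):
    """Handler a request for `path` reaches on `port`, or None if nothing matches."""
    loc = match_location(SERVERS[port], path)
    return loc["handler"] if loc else None


# Constructed token; Let's Encrypt and cert-manager's self-check start on plain HTTP, port 80.
CHALLENGE = "/.well-known/acme-challenge/EXAMPLE_TOKEN"

if __name__ == "__main__":
    for port in (80, 443):
        print(f"port {port}: {route(port, CHALLENGE)}")
```

Running it shows that on port 80, where the ACME validation request arrives, the challenge path is proxied straight to kubernetes_http, while the location serving files from /var/www/letsencrypt exists only in the 443 server block.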