Description of problem:
Customer is attempting to configure default ingress certificate. After setting the default ingress certificate with the instructions provided in the docs, the web console becomes inaccessible.

Link to docs --> https://docs.openshift.com/container-platform/4.1/authentication/certificates/replacing-default-ingress-certificate.html#replacing-default-ingress_replacing-default-ingress

Version-Release number of selected component (if applicable):

How reproducible:
The customer can consistently reproduce and I can reproduce with my test cluster.

Steps to Reproduce:
1. Replace the default ingress certificate with a cert not signed by the cluster
2. Delete console pods
3. The web console is inaccessible

Actual results:
Console is inaccessible

Expected results:
Console should be accessible after configuring default ingress certificate

Additional info:
It appears that the console is using the serviceaccount CA certificate to authenticate the certificate presented by the oauth-openshift endpoint. Below is an excerpt from the console pod logs:

2019/06/24 14:06:06 cmd/main: cookies are secure!
2019/06/24 14:06:06 auth: error contacting auth provider (retrying in 10s): request to OAuth issuer endpoint https://oauth-openshift.apps..redacted/oauth/token failed: Head https://oauth-openshift.apps..redacted: x509: certificate signed by unknown authority
2019/06/24 14:06:16 auth: error contacting auth provider (retrying in 10s): request to OAuth issuer endpoint https://oauth-openshift.apps..redacted/oauth/token failed: Head https://oauth-openshift.apps..redacted: x509: certificate signed by unknown authority
2019/06/24 14:06:26 auth: error contacting auth provider (retrying in 10s): request to OAuth issuer endpoint https://oauth-openshift.apps..redacted/oauth/token failed: Head https://oauth-openshift.apps..redacted: x509: certificate signed by unknown authority
2019/06/24 14:06:36 auth: error contacting auth provider (retrying in 10s): request to OAuth issuer endpoint https://oauth-openshift.apps..redacted/oauth/token failed: Head https://oauth-openshift.apps..redacted: x509: certificate signed by unknown authority
2019/06/24 14:06:46 auth: error contacting auth provider (retrying in 10s): request to OAuth issuer endpoint https://oauth-openshift.apps..redacted/oauth/token failed: Head https://oauth-openshift.apps..redacted: x509: certificate signed by unknown authority
2019/06/24 14:06:56 auth: error contacting auth provider (retrying in 10s): request to OAuth issuer endpoint https://oauth-openshift.apps..redacted/oauth/token failed: Head https://oauth-openshift.apps..redacted: x509: certificate signed by unknown authority
2019/06/24 14:07:06 auth: error contacting auth provider (retrying in 10s): request to OAuth issuer endpoint https://oauth-openshift.apps..redacted/oauth/token failed: Head https://oauth-openshift.apps..redacted: x509: certificate signed by unknown authority
2019/06/24 14:07:16 auth: error contacting auth provider (retrying in 10s): request to OAuth issuer endpoint https://oauth-openshift.apps..redacted/oauth/token failed: Head https://oauth-openshift.apps..redacted: x509: certificate signed by unknown authority
This is a bug with the router where passthrough routes are terminating at the router.
*** This bug has been marked as a duplicate of bug 1712525 ***
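
The x509 error in the log excerpt, reproduced as an added Go example (not code from the console, the router, or this bug report): a client that trusts only the cluster CA verifies a certificate issued by a custom CA, as served when the router terminates TLS with the replaced default certificate, and one issued by the cluster CA, as a passthrough route is assumed to deliver. The hostname, the CA names and every certificate are constructed for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue creates a constructed test certificate for cn; a nil parent yields a self-signed CA.
func issue(cn string, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		DNSNames: []string{cn}, IsCA: parent == nil, BasicConstraintsValid: true,
	}
	if parent == nil {
		parent, signer = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	cert, perr := x509.ParseCertificate(der)
	if err != nil || perr != nil {
		panic(fmt.Sprint("issuing test certificate: ", err, perr))
	}
	return cert, key
}

// scenario checks both presented certificates as a client that trusts only the cluster CA.
func scenario() (viaRouter, passthrough error) {
	const host = "oauth-openshift.apps.example.test" // constructed hostname
	clusterCA, clusterKey := issue("cluster-ca", nil, nil)
	customCA, customKey := issue("custom-ca", nil, nil)
	routerCert, _ := issue(host, customCA, customKey)  // replaced default ingress certificate
	oauthCert, _ := issue(host, clusterCA, clusterKey) // assumed: the OAuth server's own certificate
	opts := x509.VerifyOptions{Roots: x509.NewCertPool(), DNSName: host}
	opts.Roots.AddCert(clusterCA)
	_, viaRouter = routerCert.Verify(opts)
	_, passthrough = oauthCert.Verify(opts)
	return viaRouter, passthrough
}

func main() {
	viaRouter, passthrough := scenario()
	fmt.Printf("router-terminated: %v\npassthrough:       %v\n", viaRouter, passthrough)
}
```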