Kubernetes certificate issue

Hi

When we configured the domain mapping for our GKE service, it automatically created a domain mapping, virtual service, gateway, and secret (TLS). However, we needed to use our own certificate instead of the Google-managed certificate. To achieve this, we disabled the autoTLS feature in the domain mapping using the kubectl annotate command.

After disabling autoTLS, the virtual service was updated to point to the Istio-ingress gateway. We then added our TLS certificate to this gateway. As a result, our certificate was successfully updated on the website.

However, when attempting to run the service again, we encountered errors. The domain mapping file displayed the message "waiting for the route," and the GKE service deployment showed "waiting for load balancer."

I checked the controller logs and there are some probing error logs:

Probing of https://service.default.example.com:443  failed, IP: [[istio-ingress-pod-IP]], ready: false, error: error roundtripping https://service.default.example.com:443/healthz : read tcp [[controller-pod-IP]]:43958->[[istio-ingress-pod-IP]]:443: read: connection reset by peer (depth: 0)

Please assist in resolving these errors.
