Comments (7)

rbaumgar commented on July 20, 2024

Can you explain the exact error you get? When? What is your configuration? ...

from cert-manager-webhook-dynu.

4inn commented on July 20, 2024

Sorry for the delay in answering. I use Dynu as a provider, and many times when using certbot or other systems via API, I need to increase the waiting time to 120s so that I can solve the challenge.

I currently have another problem, and that is that the ClusterIssuer remains in a false state (Ready False):

NAME                  READY   AGE
letsencrypt-prod      False   3m10s
letsencrypt-staging   False   3m17s
Status:
  Acme:
  Conditions:
    Last Transition Time:  2023-06-24T21:06:32Z
    Message:               Failed to register ACME account: Get "https://acme-staging-v02.api.letsencrypt.org/directory": dial tcp: lookup acme-staging-v02.api.letsencrypt.org on 10.96.0.10:53: server misbehaving
    Observed Generation:   1
    Reason:                ErrRegisterACMEAccount
    Status:                False
    Type:                  Ready
Events:
  Type     Reason         Age                   From                         Message
  ----     ------         ----                  ----                         -------
  Warning  ErrInitIssuer  100s (x5 over 3m32s)  cert-manager-clusterissuers  Error initializing issuer: Get "https://acme-staging-v02.api.letsencrypt.org/directory": dial tcp: lookup acme-staging-v02.api.letsencrypt.org on 10.96.0.10:53: server misbehaving

I already did the installation from scratch 3 times to rule out installation problems and I get the same result.

Any ideas?

Thanks!

rbaumgar commented on July 20, 2024

Can you please explain more about your details?
Which Kubernetes, which version
ClusterIssuer definition
logfile
...

I am using Kubernetes 1.26 / OpenShift 4.13

ClusterIssuer:

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    email:
    preferredChain: ''
    privateKeySecretRef:
      name: letsencrypt-prod
    server: 'https://acme-v02.api.letsencrypt.org/directory'
    solvers:
      - dns01:
          cnameStrategy: Follow
          webhook:
            config:
              apiUrl: 'https://api.dynu.com/v2'
              secretName: <my_dynu-secret>
              zoneName: <domain_defined_at_dynu>
            groupName: com.github.dopingus.cert-manager-webhook-dynu
            solverName: dynu

And this is from the cert-manager log:
I0625 04:57:42.592711 1 setup.go:111] cert-manager/clusterissuers "msg"="generating acme account private key" "related_resource_kind"="Secret" "related_resource_name"="letsencrypt-prod" "related_resource_namespace"="cert-manager" "resource_kind"="ClusterIssuer" "resource_name"="letsencrypt-prod" "resource_namespace"="" "resource_version"="v1"
I0625 04:57:42.737144 1 setup.go:221] cert-manager/clusterissuers "msg"="ACME server URL host and ACME private key registration host differ. Re-checking ACME account registration" "related_resource_kind"="Secret" "related_resource_name"="letsencrypt-prod" "related_resource_namespace"="cert-manager" "resource_kind"="ClusterIssuer" "resource_name"="letsencrypt-prod" "resource_namespace"="" "resource_version"="v1"
I0625 04:57:43.544660 1 setup.go:311] cert-manager/clusterissuers "msg"="verified existing registration with ACME server" "related_resource_kind"="Secret" "related_resource_name"="letsencrypt-prod" "related_resource_namespace"="cert-manager" "resource_kind"="ClusterIssuer" "resource_name"="letsencrypt-prod" "resource_namespace"="" "resource_version"="v1"
I0625 04:57:43.544741 1 conditions.go:96] Setting lastTransitionTime for Issuer "letsencrypt-prod" condition "Ready" to 2023-06-25 04:57:43.544710147 +0000 UTC m=+311131.536153393
I0625 04:57:43.559067 1 setup.go:204] cert-manager/clusterissuers "msg"="skipping re-verifying ACME account as cached registration details look sufficient" "related_resource_kind"="Secret" "related_resource_name"="letsencrypt-prod" "related_resource_namespace"="cert-manager" "resource_kind"="ClusterIssuer" "resource_name"="letsencrypt-prod" "resource_namespace"="" "resource_version"="v1"

4inn commented on July 20, 2024

Yes of course, I'll give you what can help!

Versions:

Client Version: v1.27.3
Kustomize Version: v5.0.1
Server Version: v1.27.3

clientVersion:
  buildDate: "2023-06-14T09:53:42Z"
  compiler: gc
  gitCommit: 25b4e43193bcda6c7328a6d147b1fb73a33f1598
  gitTreeState: clean
  gitVersion: v1.27.3
  goVersion: go1.20.5
  major: "1"
  minor: "27"
  platform: linux/amd64
kustomizeVersion: v5.0.1

Describe of ClusterIssuer:

Name:         letsencrypt-staging
Namespace:
Labels:       <none>
Annotations:  <none>
API Version:  cert-manager.io/v1
Kind:         ClusterIssuer
Metadata:
  Creation Timestamp:  2023-06-25T04:38:31Z
  Generation:          1
  Resource Version:    299569
  UID:                 49aef7c9-27e5-45d5-8a22-99cdae191933
Spec:
  Acme:
    Email:            [email protected]
    Preferred Chain:
    Private Key Secret Ref:
      Name:  letsencrypt-staging
    Server:  https://acme-staging-v02.api.letsencrypt.org/directory
    Solvers:
      dns01:
        Cname Strategy:  Follow
        Webhook:
          Config:
            Secret Name:  dynu-secret
          Group Name:     com.github.dopingus.cert-manager-webhook-dynu
          Solver Name:    dynu
Status:
  Acme:
  Conditions:
    Last Transition Time:  2023-06-25T04:38:36Z
    Message:               Failed to register ACME account: Get "https://acme-staging-v02.api.letsencrypt.org/directory": dial tcp: lookup acme-staging-v02.api.letsencrypt.org on 10.96.0.10:53: server misbehaving
    Observed Generation:   1
    Reason:                ErrRegisterACMEAccount
    Status:                False
    Type:                  Ready
Events:
  Type     Reason         Age                    From                         Message
  ----     ------         ----                   ----                         -------
  Warning  ErrInitIssuer  2m40s (x126 over 10h)  cert-manager-clusterissuers  Error initializing issuer: Get "https://acme-staging-v02.api.letsencrypt.org/directory": dial tcp: lookup acme-staging-v02.api.letsencrypt.org on 10.96.0.10:53: server misbehaving

I don't get to have the issuer ready (ClusterIssuer), so I don't get to the generation of the certificate.

rbaumgar commented on July 20, 2024

It looks like the DNS server on 10.96.0.10 can't find acme-staging-v02.api.letsencrypt.org. Port 53 is DNS.

4inn commented on July 20, 2024

Hello, I'm sorry, the server is at the moment. I'm going to try to force the DNS exit, I don't know why it tries to resolve it on that IP.

I'll do the tests tonight and let you know.

Thank you !

4inn commented on July 20, 2024

You are correct, I manually configured the DNS in Ubuntu and it worked!

Now I'm seeing why in staging it generates the certificate quickly but in production it doesn't or it takes a while.

I close the issue.

Thank you

from cert-manager-webhook-dynu.
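
The diagnosis in this thread came from reading the resolver address and reason out of the issuer's condition message. As an added example (not code from the thread or from cert-manager), the Go sketch below does that reading automatically; the `Classify` function, the `Kind` labels and the `10.96.0.0/12` Service CIDR (kubeadm's default) are assumptions of this example.

```go
package main

import (
	"fmt"
	"net/netip"
	"regexp"
	"strings"
)

// Tail that Go's resolver appends to a failed lookup:
// "lookup <host> on <resolver ip:port>: <reason>".
var lookupRe = regexp.MustCompile(`lookup (\S+) on (\S+): (.+)$`)

// Assumption: kubeadm's default Service CIDR. Change it to match your cluster.
var serviceCIDR = netip.MustParsePrefix("10.96.0.0/12")

type Failure struct {
	Host, Reason, Kind string
	Resolver           netip.AddrPort
	ClusterDNS         bool // resolver address is a ClusterIP (cluster DNS Service)
}

// Classify extracts the DNS failure from an issuer condition message.
// ok is false when the message carries no parsable resolver error.
func Classify(msg string) (f Failure, ok bool) {
	m := lookupRe.FindStringSubmatch(strings.TrimSpace(msg))
	if m == nil {
		return f, false
	}
	ap, err := netip.ParseAddrPort(m[2])
	if err != nil {
		return f, false
	}
	f = Failure{Host: m[1], Reason: m[3], Resolver: ap,
		ClusterDNS: serviceCIDR.Contains(ap.Addr())}
	switch {
	case f.Reason == "no such host":
		f.Kind = "name-not-found" // check the ACME server URL in the issuer
	case strings.HasSuffix(f.Reason, "i/o timeout"):
		f.Kind = "resolver-unreachable" // DNS pods down or traffic blocked
	default:
		f.Kind = "resolver-error" // resolver replied with a failure: check its upstream
	}
	return f, true
}

func main() {
	// Condition message copied from the thread above.
	msg := `Failed to register ACME account: Get "https://acme-staging-v02.api.letsencrypt.org/directory": dial tcp: lookup acme-staging-v02.api.letsencrypt.org on 10.96.0.10:53: server misbehaving`
	if f, ok := Classify(msg); ok {
		fmt.Printf("%s via %s (cluster DNS: %v): %s\n", f.Host, f.Resolver, f.ClusterDNS, f.Kind)
	}
}
```

A `resolver-error` from a ClusterIP points at the cluster DNS Service's upstream rather than at cert-manager or the webhook, which matches the fix reported above (correcting DNS on the Ubuntu node).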
