cert-manager / cert-manager

Automatically provision and manage TLS certificates in Kubernetes
https://cert-manager.io
Apache License 2.0
12.19k stars 2.1k forks

Failed to register ACME account with letsencrypt #7134

Open duyawen8 opened 5 months ago

duyawen8 commented 5 months ago

Describe the bug:

kubectl get clusterissuer letsencrypt-prod -o yaml

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  creationTimestamp: "2024-06-27T02:46:56Z"
  generation: 1
  name: letsencrypt-prod
spec:
  acme:
    email: liushaohui@xx.com
    privateKeySecretRef:
      name: letsencrypt-prod
    server: https://acme-v02.api.letsencrypt.org/directory
    solvers:
    - dns01:
        webhook:
          groupName: webhook-dnspod.xxx.net
          solverName: dnspod
status:
  acme: {}
  conditions:
  - lastTransitionTime: "2024-06-27T02:46:56Z"
    message: 'Failed to register ACME account: Get "https://acme-v02.api.letsencrypt.org/directory":
      Unauthorized'
    observedGeneration: 1
    reason: ErrRegisterACMEAccount
    status: "False"
    type: Ready

controller log

0627 07:37:02.362588       1 setup.go:259] cert-manager/controller/clusterissuers "msg"="failed to register an ACME account" "error"="Get \"https://acme-v02.api.letsencrypt.org/directory\": Unauthorized" "related_resource_kind"="Secret" "related_resource_name"="letsencrypt-prod" "related_resource_namespace"="cert-manager" "resource_kind"="ClusterIssuer" "resource_name"="letsencrypt-prod" "resource_namespace"="" "resource_version"="v1"
E0627 07:37:02.362705       1 sync.go:60] cert-manager/controller/clusterissuers "msg"="error setting up issuer" "error"="Get \"https://acme-v02.api.letsencrypt.org/directory\": Unauthorized" "resource_kind"="ClusterIssuer" "resource_name"="letsencrypt-prod" "resource_namespace"="" "resource_version"="v1"
E0627 07:37:02.362874       1 controller.go:163] cert-manager/controller/clusterissuers "msg"="re-queuing item due to error processing" "error"="Get \"https://acme-v02.api.letsencrypt.org/directory\": Unauthorized" "key"="letsencrypt-prod"
I0627 07:42:02.364490       1 setup.go:219] cert-manager/controller/clusterissuers "msg"="ACME server URL host and ACME private key registration host differ. Re-checking ACME account registration" "related_resource_kind"="Secret" "related_resource_name"="letsencrypt-prod" "related_resource_namespace"="cert-manager" "resource_kind"="ClusterIssuer" "resource_name"="letsencrypt-prod" "resource_namespace"="" "resource_version"="v1"
E0627 07:42:02.372444       1 setup.go:259] cert-manager/controller/clusterissuers "msg"="failed to register an ACME account" "error"="Get \"https://acme-v02.api.letsencrypt.org/directory\": Unauthorized" "related_resource_kind"="Secret" "related_resource_name"="letsencrypt-prod" "related_resource_namespace"="cert-manager" "resource_kind"="ClusterIssuer" "resource_name"="letsencrypt-prod" "resource_namespace"="" "resource_version"="v1"
E0627 07:42:02.372540       1 sync.go:60] cert-manager/controller/clusterissuers "msg"="error setting up issuer" "error"="Get \"https://acme-v02.api.letsencrypt.org/directory\": Unauthorized" "resource_kind"="ClusterIssuer" "resource_name"="letsencrypt-prod" "resource_namespace"="" "resource_version"="v1"
E0627 07:42:02.372680       1 controller.go:163] cert-manager/controller/clusterissuers "msg"="re-queuing item due to error processing" "error"="Get \"https://acme-v02.api.letsencrypt.org/directory\": Unauthorized" "key"="letsencrypt-prod"

Expected behaviour:

cluster issuer is ready

Steps to reproduce the bug:

Anything else we need to know?:

Environment details:

/kind bug

ThatsMrTalbot commented 4 months ago

👋 You are using an unsupported version of cert-manager, could you upgrade to a supported version and see if you are still having an issue?

/priority awaiting-more-evidence

cert-manager-bot commented 1 month ago

Issues go stale after 90d of inactivity. Mark the issue as fresh with /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close. If this issue is safe to close now please do so with /close.

/lifecycle stale

cert-manager-bot commented 1 week ago

Stale issues rot after 30d of inactivity. Mark the issue as fresh with /remove-lifecycle rotten. Rotten issues close after an additional 30d of inactivity. If this issue is safe to close now please do so with /close.

/lifecycle rotten
/remove-lifecycle stale