flant / cert-manager-webhook-regru

The webhook and the ClusterIssuer resource for automatic provisioning of reg.ru SSL certificates in Kubernetes
Apache License 2.0
33 stars 10 forks

domain_name not given or empty #12

Open huziahmetovsv opened 10 months ago

huziahmetovsv commented 10 months ago

Hi. Tried to issue a wildcard certificate with this manifest:

- apiVersion: cert-manager.io/v1
  kind: Certificate
  metadata:
    name: wildcard-infra-example-com
  spec:
    secretName: wildcard-infra-example-com-secret
    issuerRef:
      name: regru-dns
      kind: ClusterIssuer
    dnsNames:
      # quoted: a bare * would be parsed as a YAML alias
      - "*.infra.example.com"

But in the pod log I see the URL: api.reg.ru/api/regru2/zone/add_txt?input_data=%7B%22username%22%3A%22my_regru_user%22%2C%22password%22%3A%22smy_regru_password%22%2C%22domains%22%3A%5B%7B%22dname%22%3A%22%22%7D%5D%2C%22subdomain%22%3A%22_acme-challenge.infra.example.com.%22%2C%22text%22%3A%22CIFuiEULSPsSYQIemqFM0-dAreebSWy-LdWUw_QoMzw%22%2C%22output_content_type%22%3A%22plain%22%7D&input_format=json

And the error response from the API:

{
   "answer" : {
      "domains" : [
         {
            "error_code" : "NO_DOMAIN",
            "error_text" : "domain_name not given or empty",
            "result" : "error"
         }
      ]
   },
   "charset" : "utf-8",
   "messagestore" : null,
   "result" : "success"
}

As I understand from the API docs, my URL format is wrong; it should be api.reg.ru/api/regru2/zone/add_txt?input_data=%7B%22username%22%3A%22test%22%2C%22password%22%3A%22test%22%2C%22domains%22%3A%5B%7B%22dname%22%3A%22test.ru%22%7D%2C%7B%22dname%22%3A%22test.com%22%7D%5D%2C%22subdomain%22%3A%22mail%22%2C%22text%22%3A%22testmail%22%2C%22output_content_type%22%3A%22plain%22%7D&input_format=json

c0rnoTa commented 10 months ago

@huziahmetovsv It could be connected with an issue where the issuer could not correctly detect the root zone of a third-level domain, which should be used in the API call. So it tried to get the NS zone for .infra.example.com, but you could have the domain example.com in your reg.ru account and no NS records exist for .infra.example.com. It's not only about wildcards, but about any third-level domain. In my case, as observed on my system, the reg.ru client produced a panic while trying to get the zone from a non-existing element of an array of domain parts (divided by dots). I have made another version of a dirty hack to mitigate this :) Take a look at my fork https://github.com/c0rnoTa/cert-manager-webhook-regru. Version 1.1.5 should be useful in your case.
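
An added example, not code from this repository or from the fork mentioned above: one way to derive the `dname` zone and the relative `subdomain` from the challenge name seen in the log, using a longest-suffix match against a list of zones, and failing instead of sending an empty `dname`. The function name and the `zones` input are assumptions; the thread does not show how either code base determines the zone.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// splitChallengeName maps an ACME DNS-01 record name onto the longest
// matching zone and returns that zone plus the record name relative to it.
// zones is an assumed input (e.g. domains known to be in the account).
func splitChallengeName(fqdn string, zones []string) (zone, sub string, err error) {
	name := strings.ToLower(strings.TrimSuffix(fqdn, "."))
	if name == "" {
		return "", "", errors.New("empty record name")
	}
	for _, z := range zones {
		z = strings.ToLower(strings.Trim(z, "."))
		// Match on a label boundary only, and keep the longest zone seen.
		if z != "" && len(z) > len(zone) && strings.HasSuffix(name, "."+z) {
			zone, sub = z, strings.TrimSuffix(name, "."+z)
		}
	}
	if zone == "" {
		// Fail here instead of sending an empty dname to the API.
		return "", "", fmt.Errorf("no configured zone covers %q", name)
	}
	return zone, sub, nil
}

func main() {
	// Constructed inputs based on the names used in the issue.
	cases := [][]string{
		{"example.com"},
		{"example.com", "infra.example.com"},
		{},
	}
	for _, zones := range cases {
		zone, sub, err := splitChallengeName("_acme-challenge.infra.example.com.", zones)
		fmt.Printf("zones=%v dname=%q subdomain=%q err=%v\n", zones, zone, sub, err)
	}
}
```
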

huziahmetovsv commented 10 months ago

Well, same behavior for example.com. But for example.com I have NS records:

nslookup -q=ns example.com 8.8.8.8
Server:         8.8.8.8
Address:        8.8.8.8#53

Non-authoritative answer:
example.com        nameserver = ns1.reg.ru.
example.com        nameserver = ns2.reg.ru.

How can I install your fork with Helm?

c0rnoTa commented 10 months ago

@huziahmetovsv Set issuer.image in values to ghcr.io/c0rnota/cluster-issuer-regru:1.1.5 and upgrade the Helm release in k8s.

huziahmetovsv commented 10 months ago

Thank you, worked like a charm for *.infra.example.com