jetstack / kube-lego

DEPRECATED: Automatically request certificates for Kubernetes Ingress resources from Let's Encrypt
Apache License 2.0
2.16k stars 267 forks source link

Timed out from Let's Encrypt made kube-lego crash #185

Closed pichouk closed 7 years ago

pichouk commented 7 years ago

I just noticed that my kube-lego container crash a lot. I have this log line just when it crash :

time="2017-05-19T09:45:40Z" level=fatal msg="fatal error verifying existing user: failed to retrieve ACME account for URI 'https://acme-v01.api.letsencrypt.org/acme/reg/8656258': 504 : 504 Gateway Time-out" context=acme 

It happens just after it try a certificate request for a domain which not (yet) point to my server. I don't know if :

In any case, I think it is a problem that the container crash if it run into an HTTP504.

c-n-d commented 7 years ago

To the first point, it is likely related to the recent Let's Encrypt outage (although your domain should be pointing to a web server before requesting a certificate).

In the short term, the workaround that resolved the 504s for me was deleting the kube-lego-account secret and redeploying kube-lego to the cluster.

pichouk commented 7 years ago

Yes my configuration was not good on this example, I was just reporting because I think kube-lego should not crash when Let's Encrypt return an HTTP 504. This is not a big issue, since Kubernetes restart the pod instantly, but still annoying. Can we imagine a behavior where it only skip this request ?

fiws commented 6 years ago

Why close the issue when it's still a problem?

Even if this repo is dead, i think closing something that is not fixed is not good.