search

jetstack / kube-lego

DEPRECATED: Automatically request certificates for Kubernetes Ingress resources from Let's Encrypt
Apache License 2.0
2.16k stars 267 forks source link

No acme challenge #221

Open naveensrinivasan opened 7 years ago

naveensrinivasan commented 7 years ago

We are not getting any acme challenge in our ingress.


time="2017-06-29T23:47:13Z" level=info msg="no cert request needed" context="ingress_tls" name=lightsaber-tools-prom-auth namespace=katana
time="2017-06-29T23:47:13Z" level=error msg="Error while processing certificate requests: no domain could be authorized successfully" context=kubelego
time="2017-06-29T23:47:13Z" level=info msg="ignoring as has no annotation 'kubernetes.io/tls-acme'" context=ingress name=kube-lego-nginx namespace=default
time="2017-06-29T23:47:13Z" level=info msg="ignoring as has no annotation 'kubernetes.io/tls-acme'" context=ingress name=citadel-citade namespace=katana
time="2017-06-29T23:47:13Z" level=info msg="ignoring as has no annotation 'kubernetes.io/tls-acme'" context=ingress name=lightsaber-tools-ingress namespace=katana
time="2017-06-29T23:47:13Z" level=info msg="ignoring as has no annotation 'kubernetes.io/tls-acme'" context=ingress name=tools namespace=katana
time="2017-06-29T23:47:13Z" level=info msg="process certificate requests for ingresses" context=kubelego
time="2017-06-29T23:47:13Z" level=info msg="cert expires in 87.9 days, no renewal needed" context="ingress_tls" expire_time=2017-09-25 21:39:00 +0000 UTC name=internal-tools-tools namespace=katana
time="2017-06-29T23:47:13Z" level=info msg="no cert request needed" context="ingress_tls" name=internal-tools-tools namespace=katana
time="2017-06-29T23:47:13Z" level=info msg="cert expires in 88.6 days, no renewal needed" context="ingress_tls" expire_time=2017-09-26 14:19:00 +0000 UTC name=lightsaber-tools-es-auth namespace=katana
time="2017-06-29T23:47:13Z" level=info msg="no cert request needed" context="ingress_tls" name=lightsaber-tools-es-auth namespace=katana
time="2017-06-29T23:47:13Z" level=info msg="cert expires in 88.6 days, no renewal needed" context="ingress_tls" expire_time=2017-09-26 14:26:00 +0000 UTC name=lightsaber-tools-prom-auth namespace=katana
time="2017-06-29T23:47:13Z" level=info msg="no cert request needed" context="ingress_tls" name=lightsaber-tools-prom-auth namespace=katana
time="2017-06-29T23:47:13Z" level=info msg="cert expires in 88.7 days, no renewal needed" context="ingress_tls" expire_time=2017-09-26 15:31:00 +0000 UTC name=lightsaber-tools-zip-auth namespace=katana
time="2017-06-29T23:47:13Z" level=info msg="no cert request needed" context="ingress_tls" name=lightsaber-tools-zip-auth namespace=katana
time="2017-06-29T23:47:13Z" level=info msg="cert expires in 82.6 days, no renewal needed" context="ingress_tls" expire_time=2017-09-20 14:16:00 +0000 UTC name=luke-signalingingress namespace=katana
time="2017-06-29T23:47:13Z" level=info msg="no cert request needed" context="ingress_tls" name=luke-signalingingress namespace=katana
time="2017-06-29T23:47:13Z" level=info msg="Attempting to create new secret" context=secret name=beta.dev.steelgoldfish.io namespace=katana
time="2017-06-29T23:47:13Z" level=info msg="no cert associated with ingress" context="ingress_tls" name=web-ingress namespace=katana
time="2017-06-29T23:47:13Z" level=info msg="requesting certificate for beta.dev.steelgoldfish.io" context="ingress_tls" name=web-ingress namespace=katana
time="2017-06-29T23:48:42Z" level=warning msg="authorization failed after 1m0s: getting authorization failed: 403 urn:acme:error:unauthorized: No registration exists matching provided key" context=acme domain=beta.dev.steelgoldfish.io
time="2017-06-29T23:48:42Z" level=info msg="cert expires in 76.6 days, no renewal needed" context="ingress_tls" expire_time=2017-09-14 13:37:00 +0000 UTC name=yoda-masteringress namespace=katana
time="2017-06-29T23:48:42Z" level=info msg="no cert request needed" context="ingress_tls" name=yoda-masteringress namespace=katana
time="2017-06-29T23:48:42Z" level=error msg="Error while processing certificate requests: no domain could be authorized successfully" context=kubelego
time="2017-06-29T23:48:42Z" level=info msg="ignoring as has no annotation 'kubernetes.io/tls-acme'" context=ingress name=kube-lego-nginx namespace=default
time="2017-06-29T23:48:42Z" level=info msg="ignoring as has no annotation 'kubernetes.io/tls-acme'" context=ingress name=citadel-citade namespace=katana
time="2017-06-29T23:48:42Z" level=info msg="ignoring as has no annotation 'kubernetes.io/tls-acme'" context=ingress name=lightsaber-tools-ingress namespace=katana
time="2017-06-29T23:48:42Z" level=info msg="ignoring as has no annotation 'kubernetes.io/tls-acme'" context=ingress name=tools namespace=katana
time="2017-06-29T23:48:42Z" level=info msg="process certificate requests for ingresses" context=kubelego
time="2017-06-29T23:48:42Z" level=info msg="Attempting to create new secret" context=secret name=beta.dev.steelgoldfish.io namespace=katana
time="2017-06-29T23:48:42Z" level=info msg="no cert associated with ingress" context="ingress_tls" name=web-ingress namespace=katana
time="2017-06-29T23:48:42Z" level=info msg="requesting certificate for beta.dev.steelgoldfish.io" context="ingress_tls" name=web-ingress namespace=katana
W0629 23:49:53.747412       5 backend_ssl.go:46] error obtaining PEM from secret katana/web.dev.steelgoldfish.io: secret named katana/web.dev.steelgoldfish.io does not exist
W0629 23:49:53.748547       5 backend_ssl.go:46] error obtaining PEM from secret katana/betaweb.dev.steelgoldfish.io: secret named katana/betaweb.dev.steelgoldfish.io does not exist
W0629 23:49:53.751680       5 backend_ssl.go:46] error obtaining PEM from secret skylight/betaweb.dev.steelgoldfish.io: secret named skylight/betaweb.dev.steelgoldfish.io does not exist
W0629 23:49:53.753290       5 backend_ssl.go:46] error obtaining PEM from secret katana/es.dev.steelgoldfish.io# ---: secret named katana/es.dev.steelgoldfish.io# --- does not exist
W0629 23:49:53.753306       5 backend_ssl.go:46] error obtaining PEM from secret katana/beta.dev.steelgoldfish.io: secret named katana/beta.dev.steelgoldfish.io does not exist

What could be wrong?

Thanks

naveensrinivasan commented 7 years ago

We are using the canary release https://github.com/jetstack/kube-lego/pull/204

munnerz commented 7 years ago

Hi - did you manage to find a resolution for this?

I'm not too sure which domain here is failing for you, so it's quite difficult for me to help. It looks like a number of your ingresses are getting certificates successfully - could you explain what's different between these ones and the ones that are failing?

If you could also include the contents of your Ingress resources here that'd be great!

naveensrinivasan commented 7 years ago

@munnerz I am on vacation when I get back will update with all the information. Thanks