search

joe-elliott / cert-exporter

A Prometheus exporter that publishes cert expirations on disk and in Kubernetes secrets
Apache License 2.0
321 stars 87 forks source link

Getting "Error exporting secret asn1: structure error" #65

Open ab250 opened 3 years ago

ab250 commented 3 years ago

I'm using label sector method for discovering two of the secrets, but only one is getting discovered and in the cert-exporter pod log I am seeing the below error. What can be the issue?

I0115 10:34:26.082742       1 periodicSecretChecker.go:89] Reviewing secret tls-secret in dev
I0115 10:34:26.082751       1 periodicSecretChecker.go:106] Annotations matched. Parsing Secret.
I0115 10:34:26.082756       1 periodicSecretChecker.go:138] Publishing tls-secret/dev metrics tls.crt
I0115 10:34:26.083061       1 periodicSecretChecker.go:138] Publishing tls-secret/dev metrics tls.key
E0115 10:34:26.083084       1 periodicSecretChecker.go:141] Error exporting secret asn1: structure error: tags don't match (16 vs {class:0 tag:2 length:1 isCompound:false}) {optional:false explicit:false application:false private:false defaultValue:<nil> tag:<nil> stringType:0 timeType:0 set:false omitEmpty:false} tbsCertificate @2
joe-elliott commented 3 years ago

It appears that you are trying to parse the tls.key as a cert which will not work.

Refer to discussion here: https://github.com/joe-elliott/cert-exporter/issues/19

gustonator commented 3 years ago

Thank you Joe for the hint. I had the same issue :)

for new folks:
just add - --secrets-include-glob=*.crt to deployment config