luisico / cert-manager-webhook-infoblox-wapi

InfoBlox WAPI webhook for cert-manager
Apache License 2.0

TXT vs CNAME record #4

Open KrystianMarek opened 2 years ago

KrystianMarek commented 2 years ago

Hi,

While trying to set up external-dns + infoblox, cert-manager + cert-manager-webhook-infoblox-wapi I stumbled upon a problem. cert-manager-webhook-infoblox-wapi creates the TXT record for the DNS01 challenge, but cert-manager is looking for CNAME:

https://github.com/jetstack/cert-manager/blob/v1.6.1/pkg/issuer/acme/dns/dns.go#L111 _acme-challenge. https://github.com/jetstack/cert-manager/blob/5ecf5b5617a4813ea8115da5dcfe3cd18b8ff047/pkg/issuer/acme/dns/util/dns.go#L20

As a result, cert-manager will not pass the self check and the certificate is stuck in state 'pending' with a log message spamming the cert-manager pod:

E0118 13:59:09.121632 1 sync.go:186] cert-manager/controller/challenges "msg"="propagation check failed" "error"="DNS record for \"whoami-test.<DOMAIN>\" not yet propagated" "dnsName"="whoami-test.<DOMAIN>" "resource_kind"="Challenge" "resource_name"="whoami-SOME-ID-fnfrq-884555931-1092135666" "resource_namespace"="applications" "resource_version"="v1" "type"="DNS-01"

luisico commented 2 years ago

Hi @KrystianMarek, sorry for the late reply, not sure why I didn't get a notification from GitHub.

I'm not sure why you are seeing that error. The plugin is working for me and other people as is. Can you show your configuration?

bb-Ricardo commented 3 months ago

In cases where cert-manager can't resolve CNAME records, you could use a record mapping with this version: https://github.com/luisico/cert-manager-webhook-infoblox-wapi/pull/9