molnett / cert-manager-webhook-gandi

Apache License 2.0

gandi.acme.molnett.net is forbidden #3

Open thatguyatgithub opened 5 months ago

thatguyatgithub commented 5 months ago

After a fresh installation closely following the steps in the README, the plugin got stuck at this:

I0408 18:33:11.036144       1 dns.go:88] "presenting DNS01 challenge for domain" logger="cert-manager.challenges.Present" resource_name="wildcard-cert-1-2779278163-3683114198" resource_namespace="default" resource_kind="Challenge" resource_version="v1" dnsName="{REQUESTED_DOMAIN_HERE}" type="DNS-01" resource_name="wildcard-cert-1-2779278163-3683114198" resource_namespace="default" resource_kind="Challenge" resource_version="v1" domain="{REQUESTED_DOMAIN_HERE}"
E0408 18:33:11.037813       1 controller.go:167] "re-queuing item due to error processing" err="gandi.acme.molnett.net is forbidden: User \"system:serviceaccount:cert-manager:cert-manager\" cannot create resource \"gandi\" in API group \"acme.molnett.net\" at the cluster scope" logger="cert-manager.challenges" key="default/wildcard-cert-1-2779278163-3683114198"

More info:

kubectl describe challenge wildcard-cert-1-UUID
Name:         wildcard-cert-1-UUID
Namespace:    default
Labels:       <none>
Annotations:  <none>
API Version:  acme.cert-manager.io/v1
Kind:         Challenge
Metadata:
 {...}
Spec:
  Authorization URL:  https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/egefefefefefefef
  Dns Name:           {REQUESTED_DOMAIN_HERE}
  Issuer Ref:
    Kind:  Issuer
    Name:  letsencrypt-staging
  Key:     OJOEFJEOFJEOFJEOFJEOFJEOFJEOFJEF
  Solver:
    dns01:
      Cname Strategy:  Follow
      Webhook:
        Config:
          API Key Secret Ref:
            Key:        api-token
            Name:       gandi-credentials
          Root Domain:  
        Group Name:     acme.molnett.net
        Solver Name:    gandi
  Token:                ZZZZZZZZZZ
  Type:                 DNS-01
  URL:                  https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/ZZZZZZZZ
  Wildcard:             true
Status:
  Presented:   false
  Processing:  true
  Reason:      gandi.acme.molnett.net is forbidden: User "system:serviceaccount:cert-manager:cert-manager" cannot create resource "gandi" in API group "acme.molnett.net" at the cluster scope
  State:       pending
Events:
  Type     Reason        Age                  From                     Message
  ----     ------        ----                 ----                     -------
  Normal   Started       4m5s                 cert-manager-challenges  Challenge scheduled for processing
  Warning  PresentError  100s (x6 over 4m5s)  cert-manager-challenges  Error presenting challenge: gandi.acme.molnett.net is forbidden: User "system:serviceaccount:cert-manager:cert-manager" cannot create resource "gandi" in API group "acme.molnett.net" at the cluster scope

guy0090 commented 4 months ago

In case you're still having this issue, make sure you're setting groupName in the chart values and the issuer.
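
The `groupName` mismatch suggested in the last comment can be checked offline. The following is an added example, not code from the thread or the project: it parses the denial quoted in the issue and tests it against the RBAC rule a webhook chart would grant. The rule shape (create on every resource in the chart's `groupName`), the function names and the value `acme.example.test` are assumptions.

```python
import re

# Denial text copied from the Challenge status quoted in the issue above.
REASON = ('gandi.acme.molnett.net is forbidden: User '
          '"system:serviceaccount:cert-manager:cert-manager" cannot create resource '
          '"gandi" in API group "acme.molnett.net" at the cluster scope')

# Matches both the plain form (kubectl describe) and the \"-escaped form (controller log).
FORBIDDEN_RE = re.compile(
    r'User \\?"(?P<user>[^"\\]+)\\?" cannot (?P<verb>\w+) resource '
    r'\\?"(?P<resource>[^"\\]+)\\?" in API group \\?"(?P<group>[^"\\]+)\\?"')

def parse_forbidden(message):
    """Return user, verb, resource and group from an RBAC denial, or None."""
    match = FORBIDDEN_RE.search(message)
    return match.groupdict() if match else None

def rule_allows(rule, verb, resource, group):
    """True if one RBAC rule covers the request; '*' is the RBAC wildcard."""
    def covers(values, wanted):
        return "*" in values or wanted in values
    return (covers(rule["apiGroups"], group)
            and covers(rule["resources"], resource)
            and covers(rule["verbs"], verb))

def diagnose(message, chart_group_name, issuer_group_name):
    """Explain a denial given the groupName set in the chart and in the issuer."""
    denial = parse_forbidden(message)
    if denial is None:
        return "not an RBAC denial"
    if denial["group"] != issuer_group_name:
        return "denied API group does not belong to this issuer"
    # Assumed rule shape: the chart lets cert-manager create in its own groupName.
    chart_rule = {"apiGroups": [chart_group_name], "resources": ["*"], "verbs": ["create"]}
    if rule_allows(chart_rule, denial["verb"], denial["resource"], denial["group"]):
        return "chart rule covers the request; inspect the role binding subject"
    return f"groupName mismatch: chart={chart_group_name} issuer={issuer_group_name}"

if __name__ == "__main__":
    # "acme.example.test" is a constructed chart value, not one from the issue.
    print(diagnose(REASON, "acme.example.test", "acme.molnett.net"))
    print(diagnose(REASON, "acme.molnett.net", "acme.molnett.net"))
```

On a live cluster, `kubectl auth can-i create gandi.acme.molnett.net --as=system:serviceaccount:cert-manager:cert-manager` asks the API server the same question directly.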