monostream / cert-manager-linode

a cert-manager webhook adapter for linode
MIT License

Error: [400] [name] Name contains invalid characters #1

Closed dwitzig closed 1 year ago

dwitzig commented 2 years ago

Hi, thank you for putting this together! I'm looking to move my DNS management from Route53 to Linode, so I'm looking at using your Solver.

My cluster is using kubernetes 1.20. After deploying I get the following error in cert-manager pod logs (for both subdomain and wildcard).

The same deployment (using a different domain) with Route53 ClusterIssuer is working as expected.

I'm not 100% sure if this is a bug or an issue with my configuration; any help would be greatly appreciated :)

Error:

I1026 22:57:17.338913       1 dns.go:88] cert-manager/controller/challenges/Present "msg"="presenting DNS01 challenge for domain" "dnsName"="domain.com" "domain"="domain.com" "resource_kind"="Challenge" "resource_name"="domain-com-cert-dev-app-h7cdf-326823713-1926664675" "resource_namespace"="default" "resource_version"="v1" "type"="DNS-01" 
E1026 22:57:18.233550       1 controller.go:163] cert-manager/controller/challenges "msg"="re-queuing item due to error processing" "error"="[400] [name] Name contains invalid characters" "key"="default/domain-com-cert-dev-app-h7cdf-326823713-1926664675"

dbellingroth commented 2 years ago

I have the same problem

grape-nuts commented 2 years ago

+1

Romeriz commented 2 years ago

+1

jdhollander commented 2 years ago

Also have the same issue.

In the Linode domain web interface, I have found the same error (Name contains invalid characters) if I try to create a TXT record manually with a domain such as _acme-challenge.example.com. (note the dot at the end). Without the dot, the web interface accepts the record and correctly removes the parent domain and creates a TXT record where I would expect.

I believe that it's worth looking at whether there is a trailing dot on the domain identifier sent to Linode and whether this can be stripped.
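
The trailing-dot handling suggested in the comment above, as an added example that is not part of the thread and not the project's own code: a Go helper that turns an absolute challenge name such as _acme-challenge.example.com. into a record name relative to the zone, and rejects names that only look like they belong to the zone. The names RecordName, canonical and ErrOutsideZone are hypothetical, the helper assumes the solver is handed the challenge FQDN and the zone as strings, and the sample inputs are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// ErrOutsideZone: the challenge name is not a subdomain of the zone.
var ErrOutsideZone = errors.New("fqdn is not inside zone")

// canonical lowercases a DNS name and drops the trailing root dot.
func canonical(name string) string {
	return strings.ToLower(strings.TrimSuffix(strings.TrimSpace(name), "."))
}

// RecordName (hypothetical helper) converts an absolute challenge FQDN into
// the record name relative to zone, plus the zone without its trailing dot.
func RecordName(fqdn, zone string) (name, domain string, err error) {
	f, z := canonical(fqdn), canonical(zone)
	if f == "" || z == "" {
		return "", "", errors.New("empty fqdn or zone")
	}
	if f == z {
		return "", z, nil // record sits at the zone apex
	}
	// Match on a label boundary so "badexample.com" is not taken for "example.com".
	if !strings.HasSuffix(f, "."+z) {
		return "", "", fmt.Errorf("%w: %q, zone %q", ErrOutsideZone, fqdn, zone)
	}
	rel := strings.TrimSuffix(f, "."+z)
	for _, label := range strings.Split(rel, ".") {
		if label == "" { // e.g. a doubled dot in the input
			return "", "", fmt.Errorf("empty label in %q", fqdn)
		}
	}
	return rel, z, nil
}

func main() {
	samples := [][2]string{ // constructed inputs: {challenge FQDN, zone}
		{"_acme-challenge.example.com.", "example.com."},
		{"_acme-challenge.dev.Example.com.", "example.com"},
		{"_acme-challenge.badexample.com.", "example.com."},
	}
	for _, s := range samples {
		name, domain, err := RecordName(s[0], s[1])
		fmt.Printf("%-35s -> name=%q domain=%q err=%v\n", s[0], name, domain, err)
	}
}
```

Failing closed on a name outside the zone keeps a malformed request from creating a TXT record in a zone it does not belong to.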

openelectron commented 1 year ago

@adrianliechti Would it be possible to get a new version pushed to Docker Hub? I believe the fix in issue #2, when pushed, will also fix this issue.

Many Thanks

adrianliechti commented 1 year ago

Ciao @openelectron

I unfortunately no longer work for monostream, but maybe @marcelhintermann or @mdnix can start the pipeline 🚀 Cheers to all of you

mdnix commented 1 year ago

Hi @openelectron

Thanks for reaching out! I have just published a new version. Tested it on a Linode Kubernetes cluster running version 1.23.6. I also took the time to update all dependencies and the build as well as the runtime image.

Furthermore, I would like to point out that the helm chart has changed. An additional ClusterRole and ClusterRoleBinding were necessary. Therefore I recommend that you do a helm upgrade.

If you have an older version of cert-manager you may also need to update the ClusterIssuer we have in our example. The ClusterIssuer resource in version v1alpha2 is no longer available in newer installations.

Cheers!

openelectron commented 1 year ago

@mdnix

Thanks, this is great. I can confirm this all works. I'm running on a Linode Kubernetes cluster. Successfully generating wildcard certificates.

Thanks for this great work. I think this issue can be closed.