search

puzzle / cert-manager-webhook-dnsimple

A cert-manager ACME DNS01 solver webhook for DNSimple.
Apache License 2.0
19 stars 24 forks source link

Error: servfail - webhook service not doing anything #20

Open JannikZed opened 2 years ago

JannikZed commented 2 years ago

Hi there,

I was trying to use your webhook service - without success. I'm using cert-manager 1.1.0. I installed your service as documented using Helm3. I get the following logs from the dnsimple-webhook:

-- | --
Thu, Apr 21 2022 15:08:06 | I0421 13:08:06.623337 1 requestheader_controller.go:169] Starting RequestHeaderAuthRequestController
Thu, Apr 21 2022 15:08:06 | I0421 13:08:06.623433 1 shared_informer.go:240] Waiting for caches to sync for RequestHeaderAuthRequestController
Thu, Apr 21 2022 15:08:06 | I0421 13:08:06.623704 1 configmap_cafile_content.go:202] Starting client-ca::kube-system::extension-apiserver-authentication::client-ca-file
Thu, Apr 21 2022 15:08:06 | I0421 13:08:06.623729 1 shared_informer.go:240] Waiting for caches to sync for client-ca::kube-system::extension-apiserver-authentication::client-ca-file
Thu, Apr 21 2022 15:08:06 | I0421 13:08:06.624020 1 dynamic_serving_content.go:130] Starting serving-cert::/tls/tls.crt::/tls/tls.key
Thu, Apr 21 2022 15:08:06 | I0421 13:08:06.624105 1 configmap_cafile_content.go:202] Starting client-ca::kube-system::extension-apiserver-authentication::requestheader-client-ca-file
Thu, Apr 21 2022 15:08:06 | I0421 13:08:06.624118 1 shared_informer.go:240] Waiting for caches to sync for client-ca::kube-system::extension-apiserver-authentication::requestheader-client-ca-file
Thu, Apr 21 2022 15:08:06 | I0421 13:08:06.723322 1 tlsconfig.go:240] Starting DynamicServingCertificateController
Thu, Apr 21 2022 15:08:06 | I0421 13:08:06.723278 1 secure_serving.go:197] Serving securely on [::]:443
Thu, Apr 21 2022 15:08:06 | I0421 13:08:06.824738 1 shared_informer.go:247] Caches are synced for client-ca::kube-system::extension-apiserver-authentication::client-ca-file
Thu, Apr 21 2022 15:08:06 | I0421 13:08:06.825633 1 shared_informer.go:247] Caches are synced for client-ca::kube-system::extension-apiserver-authentication::requestheader-client-ca-file
Thu, Apr 21 2022 15:08:07 | I0421 13:08:07.023702 1 shared_informer.go:247] Caches are synced for RequestHeaderAuthRequestController

I get this error when trying to create a wildcard cert: 


Challenge monorepo-preview-wildcart-cert-wxbcs-3162575813-1321718204Error presenting challenge: Unexpected response code 'SERVFAIL' for XXXXXX.
--

[Challenge monorepo-preview-wildcart-cert-wxbcs-3162575813-1321718204](XXXX/dashboard/c/c-f7gwk/explorer/event/monorepo-preview/monorepo-preview-wildcart-cert-wxbcs-3162575813-1321718204.16e7ebf17e027fa1)
Error presenting challenge: Unexpected response code 'SERVFAIL' for XXXXX.

Following cert: 

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  annotations:
  creationTimestamp: "2022-04-21T12:58:08Z"
  generation: 2
  name: monorepo-preview-wildcart-cert
  namespace: monorepo-preview
  resourceVersion: "301748995"
  uid: a7b650b2-ef77-4f73-920a-645177bd66eb
spec:
  commonName: '*.monorepo-preview.eu.XXX.com'
  dnsNames:
  - '*.monorepo-preview.eu.XXX.com'
  issuerRef:
    kind: ClusterIssuer
    name: cert-manager-webhook-dnsimple-production
  secretName: monorepo-preview-wildcart-cert
status:
  conditions:
  - lastTransitionTime: "2022-04-21T12:58:08Z"
    message: Issuing certificate as Secret does not exist
    reason: DoesNotExist
    status: "False"
    type: Ready
  - lastTransitionTime: "2022-04-21T12:58:08Z"
    message: Issuing certificate as Secret does not exist
    reason: DoesNotExist
    status: "True"
    type: Issuing
  nextPrivateKeySecretName: monorepo-preview-wildcart-cert-xcqpw