snowdrop / godaddy-webhook

Cert Manager Godaddy Webhook performing ACME challenge using DNS record
Apache License 2.0

Challenge does not succeed #13

Closed peyerroger closed 2 years ago

peyerroger commented 2 years ago

Hi there!

First of all thanks for making this webhook available to the community!

I tried the steps documented in the readme, but for some reason the challenge never succeeds. I'm not exactly sure whether it is due to some misconfiguration or due to a bug.

First some information about what I installed:

AKS Kubernetes Cluster (AKS)

CertManager 1.7.2

GoDaddy Webhook

Deployment: We use Argo CD to deploy the Helm charts

Resources

---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: wildcard-azure-aisot-ch
spec:
  secretName: wildcard-azure-aisot-ch-tls
  renewBefore: 240h
  dnsNames:
    - '*.aisot.ch'
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer
---
apiVersion: v1
kind: Secret
metadata:
  name: godaddy-api-key
type: Opaque
stringData:
  token: {{ .Values.godaddy.token }}
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    # ACME Server
    # prod : https://acme-v02.api.letsencrypt.org/directory
    # staging : https://acme-staging-v02.api.letsencrypt.org/directory
    server: https://acme-v02.api.letsencrypt.org/directory
    # ACME Email address
    email: info@aisot.ch
    privateKeySecretRef:
      name: letsencrypt-prod
    solvers:
      - selector:
          dnsNames:
            - '*.aisot.ch'
        dns01:
          webhook:
            config:
              apiKeySecretRef:
                name: godaddy-api-key
                key: token
              production: true
              ttl: 600
            groupName: acme.aisot.ch
            solverName: godaddy

The main error I see is the following: When querying the SOA record for the domain '_acme-challenge.aisot.ch.' using nameservers [10.0.0.10:53], rcode was expected to be 'NOERROR' or 'NXDOMAIN', but got 'SERVFAIL'

I also see some errors in the log files. Files are attached.

I have to admit I'm kinda lost. Any suggestion would be highly appreciated. I think the webhook is not even called. At least I don't see anything in the dns config.

Thanks, Roger

cert-manager-webhook.txt godaddy-webhook.txt cert-manager-cainjector.txt cert-manager.txt
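The error quoted in the report comes from cert-manager's SOA lookup for the challenge name at the nameservers in its resolver configuration (here the in-cluster resolver 10.0.0.10). The following script is an added diagnostic, not code from this project or from cert-manager: it sends that one SOA query with the Python standard library and reports the rcode, so the SERVFAIL can be reproduced outside cert-manager and compared against a public resolver. The sample response bytes are constructed; the name and resolver address are taken from the report.

```python
"""Reproduce cert-manager's DNS01 pre-check: SOA query for the challenge name."""
import socket
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
QTYPE_SOA, QCLASS_IN = 6, 1
TXID = 0x1234  # fixed transaction id, fine for a one-off diagnostic


def build_query(name: str) -> bytes:
    """Wire-format DNS query: header (RD=1, one question) + QNAME + SOA/IN."""
    header = struct.pack("!HHHHHH", TXID, 0x0100, 1, 0, 0, 0)
    labels = [lbl.encode() for lbl in name.strip(".").split(".")]
    qname = b"".join(bytes([len(lbl)]) + lbl for lbl in labels) + b"\x00"
    return header + qname + struct.pack("!HH", QTYPE_SOA, QCLASS_IN)


def parse_rcode(resp: bytes) -> str:
    """Return the symbolic rcode from the response header (low 4 bits of flags)."""
    rid, flags = struct.unpack("!HH", resp[:4])
    if rid != TXID or not flags & 0x8000:  # QR bit must be set on a response
        raise ValueError("not a response to our query")
    code = flags & 0x000F
    return RCODES.get(code, f"RCODE{code}")


def sample_response(rcode: int) -> bytes:
    """Constructed reply header with the given rcode and no answer records."""
    return struct.pack("!HHHHHH", TXID, 0x8180 | rcode, 1, 0, 0, 0)


def check_soa(name: str, nameserver: str, port: int = 53, timeout: float = 3.0) -> str:
    """Send the SOA query over UDP and return the rcode the resolver answers with."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name), (nameserver, port))
        data, _ = sock.recvfrom(512)
    return parse_rcode(data)


if __name__ == "__main__":
    # Same query cert-manager reported as SERVFAIL; then the same name at a public resolver.
    for resolver in ("10.0.0.10", "1.1.1.1"):
        try:
            print(resolver, check_soa("_acme-challenge.aisot.ch.", resolver))
        except (socket.timeout, OSError, ValueError) as exc:
            print(resolver, "no usable answer:", exc)
```

A SERVFAIL only from the cluster resolver, with NOERROR or NXDOMAIN from a public one, points at the in-cluster DNS path rather than at the webhook or the GoDaddy zone.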

peyerroger commented 2 years ago

For whatever reason it now works...