Closed reavessm closed 3 years ago
E1204 00:25:11.478201 1 acme.go:157] acme/letsencrypt-live failed with : Get https://acme-v02.api.letsencrypt.org/directory: x509: certificate is valid for *.apps.openshift.<domain.com>, not acme-v02.api.letsencrypt.org
This looks like while the controller is trying to reach out to acme-v02.api.letsencrypt.org
it hits the OCP router, can you check your OCP installation? Have you tried oc run
a pod and trying to reach https://acme-v02.api.letsencrypt.org/directory
url from there?
After banging my head against the wall all day yesterday, I came back first thing this morning and it just works now....
The only thing I can figure that happened was that I was running reverse-proxy with let's encrypt before upgrading to OKD, and I accidentally left that container running on a different host but for the same domain. I killed that container and manually revoked the certificate after lunch and maybe it took a while to process? have another route that's having a different issue but I think this issue can be marked closed. Thanks for taking the time to look at this.
What happened:
After installing openshift-acme and adding the annotations to an existing route, these logs keep repeating in one of the acme pods.
What you expected to happen:
Route to portfolio app becomes encrypted
How to reproduce it (as minimally and precisely as possible):
Anything else we need to know?:
This is a fresh cluster, but I am fairly inexperienced with openshift/k8s.
Environment:
OpenShift/Kubernetes version (use
oc/kubectl version
):Others:
@tnozicka