tnozicka / openshift-acme

ACME Controller for OpenShift and Kubernetes Cluster. (Supports e.g. Let's Encrypt)
Apache License 2.0

No valid IP addresses found #82

Closed magick93 closed 5 years ago

magick93 commented 5 years ago

Hello

I have just installed the openshift-acme controller on a freshly installed OKD 3.11.

I'm trying to generate an SSL for the web console. However, it's failing, with Warning' reason: 'AcmeFailedAuthorization' Acme provider failed to validate domain "console.apps.mydomain.com": ["http-01" challenge is "invalid": 400 urn:acme:error:unknownHost: No valid IP addresses found for console.apps.mydomain.com, "dns-01" challenge is "invalid": <nil>, "tls-alpn-01" challenge is "invalid": <nil>

Versions

Log

I1021 21:12:57.848500       1 cmd.go:147] ACME server url is "https://acme-v01.api.letsencrypt.org/directory"
I1021 21:12:57.848633       1 cmd.go:154] ACME server loglevel == 4
I1021 21:12:57.848649       1 cmd.go:119] No kubeconfig specified, using InClusterConfig.
I1021 21:12:57.850419       1 cmd.go:170] Watching all namespaces.
I1021 21:12:57.850458       1 cmd.go:190] "selfnamespace" is unspecified, trying inCluster
I1021 21:12:57.850578       1 cmd.go:256] Starting Route informer
I1021 21:12:57.850607       1 cmd.go:260] Starting Secret informer
I1021 21:12:57.850624       1 cmd.go:264] Exposer listen address is "0.0.0.0:5000"
I1021 21:12:57.850940       1 reflector.go:202] Starting reflector *v1.Route (10m0s) from github.com/tnozicka/openshift-acme/pkg/cmd/cmd.go:257
I1021 21:12:57.850968       1 reflector.go:240] Listing and watching *v1.Route from github.com/tnozicka/openshift-acme/pkg/cmd/cmd.go:257
I1021 21:12:57.851055       1 reflector.go:202] Starting reflector *v1.Secret (10m0s) from github.com/tnozicka/openshift-acme/pkg/cmd/cmd.go:261
I1021 21:12:57.851073       1 reflector.go:240] Listing and watching *v1.Secret from github.com/tnozicka/openshift-acme/pkg/cmd/cmd.go:261
I1021 21:12:57.851123       1 http.go:50] Http-01: server listening on http://[::]:5000/
I1021 21:12:58.351322       1 shared_informer.go:116] caches populated
I1021 21:12:58.352057       1 route.go:759] Starting Route controller
I1021 21:12:58.452244       1 shared_informer.go:116] caches populated
I1021 21:12:58.452276       1 route.go:767] Starting Route controller: informer caches synced
I1021 21:14:24.784891       1 route.go:189] Updating Route from openshift-console/console UID=a5cecc82-d532-11e8-a8ef-6c626d58b24d RV=5187 to openshift-console/console UID=a5cecc82-d532-11e8-a8ef-6c626d58b24d,RV=61115
I1021 21:14:24.785006       1 route.go:385] Started syncing Route "openshift-console/console" (2018-10-21 21:14:24.784986747 +0000 UTC m=+87.013294713)
I1021 21:14:37.519835       1 client.go:22] By continuing running this program you agree to the CA's Terms of Service (https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf). If you do not agree exit the program immediately!
I1021 21:14:37.730529       1 builder.go:136] Registered new ACME account "https://acme-v01.api.letsencrypt.org/acme/reg/44260616"
I1021 21:14:37.741312       1 builder.go:162] Saved new ACME account default/acme-account
I1021 21:14:37.971954       1 route.go:440] Created authorization "https://acme-v01.api.letsencrypt.org/acme/authz/mqQeSO9Q1jeLe4KR4wRw5gY3nHHo_fOyCXdF2-sKDxA" for Route openshift-console/console
I1021 21:14:37.985470       1 route.go:387] Finished syncing Route "openshift-console/console" (13.200474593s)
I1021 21:14:37.985555       1 route.go:189] Updating Route from openshift-console/console UID=a5cecc82-d532-11e8-a8ef-6c626d58b24d RV=61115 to openshift-console/console UID=a5cecc82-d532-11e8-a8ef-6c626d58b24d,RV=61143
I1021 21:14:37.985609       1 route.go:385] Started syncing Route "openshift-console/console" (2018-10-21 21:14:37.98559284 +0000 UTC m=+100.213900781)
I1021 21:14:38.159373       1 route.go:483] Route "openshift-console/console": authorization state is "pending"
I1021 21:14:38.159409       1 client.go:83] Found 3 possible combinations for authorization
I1021 21:14:38.159432       1 client.go:90] Found 1 valid combinations for authorization
I1021 21:14:38.252627       1 exposer.go:294] Waiting for exposing route openshift-console/console-acme-nvq5n to be admitted.
I1021 21:14:38.303829       1 exposer.go:321] Exposing route openshift-console/console-acme-nvq5n has been admitted. Ingresses: []v1.RouteIngress(nil)
I1021 21:14:38.303938       1 exposer.go:329] Waiting for route openshift-console/console-acme-nvq5n to be exposed on the router.
I1021 21:14:38.327316       1 exposer.go:375] Key for route openshift-console/console-acme-nvq5n is not yet exposed.
I1021 21:14:39.387328       1 exposer.go:375] Key for route openshift-console/console-acme-nvq5n is not yet exposed.
I1021 21:14:40.750387       1 exposer.go:375] Key for route openshift-console/console-acme-nvq5n is not yet exposed.
I1021 21:14:42.760856       1 exposer.go:375] Key for route openshift-console/console-acme-nvq5n is not yet exposed.
I1021 21:14:45.156858       1 http.go:78] url = 'console.apps.mydomain.com/.well-known/acme-challenge/8Wz4M5VmgLdXSTN_2VVExGt_2bU2nlCtDv5bZwh1lHY'; found = 'true'
I1021 21:14:45.157149       1 exposer.go:385] Exposing Route openshift-console/console-acme-nvq5n is accessible and contains correct response.
I1021 21:14:45.739751       1 route.go:387] Finished syncing Route "openshift-console/console" (7.754147195s)
I1021 21:14:45.739778       1 route.go:716] Error syncing Route openshift-console/console: route "openshift-console/console" - authorization has transitioned to unexpected state "invalid"
I1021 21:14:45.744975       1 route.go:385] Started syncing Route "openshift-console/console" (2018-10-21 21:14:45.744963744 +0000 UTC m=+107.973271708)
I1021 21:14:45.919305       1 route.go:483] Route "openshift-console/console": authorization state is "invalid"
I1021 21:14:45.919460       1 event.go:218] Event(v1.ObjectReference{Kind:"Route", Namespace:"openshift-console", Name:"console", UID:"a5cecc82-d532-11e8-a8ef-6c626d58b24d", APIVersion:"route.openshift.io", ResourceVersion:"61143", FieldPath:""}): type: 'Warning' reason: 'AcmeFailedAuthorization' Acme provider failed to validate domain "console.apps.mydomain.com": ["http-01" challenge is "invalid": 400 urn:acme:error:unknownHost: No valid IP addresses found for console.apps.mydomain.com, "dns-01" challenge is "invalid": <nil>, "tls-alpn-01" challenge is "invalid": <nil>]
I1021 21:14:46.024547       1 route.go:189] Updating Route from openshift-console/console UID=a5cecc82-d532-11e8-a8ef-6c626d58b24d RV=61143 to openshift-console/console UID=a5cecc82-d532-11e8-a8ef-6c626d58b24d,RV=61171
I1021 21:14:46.214825       1 route.go:387] Finished syncing Route "openshift-console/console" (469.850888ms)
I1021 21:14:46.214866       1 route.go:385] Started syncing Route "openshift-console/console" (2018-10-21 21:14:46.214860984 +0000 UTC m=+108.443168914)
I1021 21:14:46.214893       1 route.go:416] Skipping Route openshift-console/console because it is paused
I1021 21:14:46.214905       1 route.go:387] Finished syncing Route "openshift-console/console" (40.749µs)
I1021 21:19:30.349619       1 reflector.go:421] github.com/tnozicka/openshift-acme/pkg/cmd/cmd.go:261: Watch close - *v1.Secret total 2 items received

tnozicka commented 5 years ago

Is this still an issue?

No valid IP addresses found for console.apps.mydomain.com

Could it be that your DNS record is not exposed externally? It should point to your router's public IP.
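
The check suggested in the reply above, as an added example that is not part of the thread or of the openshift-acme code: a pre-flight that resolves the route host and reports whether any address is one an external http-01 validator could reach. The function names `usableByCA` and `diagnose` are hypothetical, and treating loopback, private and link-local addresses as unusable is an assumption of this example.

```go
package main

import (
	"fmt"
	"net"
	"os"
)

// usableByCA keeps only addresses an external http-01 validator could reach.
// Assumption of this example: loopback, private (RFC 1918 / IPv6 ULA),
// link-local and unspecified addresses are unreachable from the internet.
func usableByCA(ips []net.IP) []net.IP {
	var pub []net.IP
	for _, ip := range ips {
		if ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() || ip.IsUnspecified() {
			continue
		}
		pub = append(pub, ip)
	}
	return pub
}

// diagnose turns a lookup result into a pre-flight verdict for the route host.
func diagnose(host string, ips []net.IP, lookupErr error) (bool, string) {
	if lookupErr != nil || len(ips) == 0 {
		return false, fmt.Sprintf("%s: no A/AAAA records from this resolver", host)
	}
	pub := usableByCA(ips)
	if len(pub) == 0 {
		return false, fmt.Sprintf("%s: only non-public addresses %v", host, ips)
	}
	return true, fmt.Sprintf("%s: publicly routable addresses %v", host, pub)
}

func main() {
	if len(os.Args) != 2 {
		fmt.Fprintln(os.Stderr, "usage: preflight <route-hostname>")
		os.Exit(2)
	}
	// Uses the local system resolver; run this from outside the cluster network.
	ips, err := net.LookupIP(os.Args[1])
	ok, msg := diagnose(os.Args[1], ips, err)
	fmt.Println(msg)
	if !ok {
		os.Exit(1)
	}
}
```

Run it from a machine outside the cluster: in the log above the controller's own in-cluster check of the challenge URL succeeded (`found = 'true'`) while the CA's validation failed, so a result from inside the cluster says nothing about what the CA sees.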

openshift-bot commented 5 years ago

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close. Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now, please do so with /close.

/lifecycle stale