wjiec / alidns-webhook

alidns-webhook is a generic ACME solver for cert-manager.
MIT License
36 stars 11 forks source link

Failed to load alidns cause by "failed reading secret \"cert-manager/\": resource name may not be empty" #10

Closed yunkaiOr2 closed 9 months ago

yunkaiOr2 commented 9 months ago

` apiVersion: cert-manager.io/v1 kind: ClusterIssuer metadata: name: letsencrypt-pro spec: acme:

The ACME server URL, 使用staging环境颁发的证书无法正常公网使用,需要本地添加受信任根证书

# server: https://acme-staging-v02.api.letsencrypt.org/directory
server: https://acme-v02.api.letsencrypt.org/directory
# Email address used for ACME registration
email: xxx@163.com
# Name of a secret used to store the ACME account private key
privateKeySecretRef:
  name: letsencrypt-pro-account-key
solvers:
  - dns01:
      webhook:
        groupName: "acme.yourcompany.com"
        solverName: alidns
        config:
          region: ""
          accessKeyIdRef:
            name: aliyun-api-token-secret
            key: access-key
          secretKeySecretRef:
            name: aliyun-api-token-secret
            key: secret-key 

apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: m6exyz-cn-ca-tsl labels: app: alidns-webhook spec: duration: 2160h # 90d renewBefore: 360h # 15d privateKey: algorithm: RSA encoding: PKCS1 size: 2048 secretName: ca-tsl dnsNames:

yunkaiOr2 commented 9 months ago

E0119 05:43:54.280405 1 controller.go:167] "cert-manager/challenges: re-queuing item due to error processing" err="failed reading secret \"cert-manager/\": resource name may not be empty" key="code/alidns-webhook-webhook-tls-1-501305060-3942196719"

kc logs -f pod/cert-manager-84c4b56667-7xqm8 -n cert-manager

wjiec commented 9 months ago

Hi, it appears that there is a configuration error in your ClusterIssuer. The secretKeySecretRef should be modified to accessKeySecretRef. Please refer to the example configuration in https://github.com/wjiec/alidns-webhook?tab=readme-ov-file#configure-a-issuer for more details.

yunkaiOr2 commented 9 months ago

now

SDKError: StatusCode: 404 Code: InvalidAccessKeyId.NotFound Message: code: 404, Specified access key is not found. request id: 137AE51A-57AA-5895-B6C4-C048C0D6FA22 Data: {"Code":"InvalidAccessKeyId.NotFound","HostId":"dns.aliyuncs.com","Message":"Specified access key is not found.","Recommend":"https://api.aliyun.com/troubleshoot?q=InvalidAccessKeyId.NotFound\u0026product=Alidns\u0026requestId=137AE51A-57AA-5895-B6C4-C048C0D6FA22","RequestId":"137AE51A-57AA-5895-B6C4-C048C0D6FA22","statusCode":404}

yunkaiOr2 commented 9 months ago

`# kustomization.yaml resources:

wjiec commented 9 months ago

It appears that the accessKeyId you've provided is invalid, or there may be an error with the Secret referenced in your ClusterIssuer. Please make sure that the RAM account (or primary account) you are using is valid and has been correctly granted DNS-related permissions.

wjiec commented 9 months ago

Alternatively, you can obtain the official diagnostic information from Aliyun at https://api.aliyun.com/troubleshoot?q=InvalidAccessKeyId.NotFound&product=Alidns&requestId=137AE51A-57AA-5895-B6C4-C048C0D6FA22.