Closed yunkaiOr2 closed 9 months ago
E0119 05:43:54.280405 1 controller.go:167] "cert-manager/challenges: re-queuing item due to error processing" err="failed reading secret \"cert-manager/\": resource name may not be empty" key="code/alidns-webhook-webhook-tls-1-501305060-3942196719"
kc logs -f pod/cert-manager-84c4b56667-7xqm8 -n cert-manager
Hi, it appears that there is a configuration error in your ClusterIssuer
. The secretKeySecretRef
should be modified to accessKeySecretRef
. Please refer to the example configuration in https://github.com/wjiec/alidns-webhook?tab=readme-ov-file#configure-a-issuer for more details.
now
SDKError: StatusCode: 404 Code: InvalidAccessKeyId.NotFound Message: code: 404, Specified access key is not found. request id: 137AE51A-57AA-5895-B6C4-C048C0D6FA22 Data: {"Code":"InvalidAccessKeyId.NotFound","HostId":"dns.aliyuncs.com","Message":"Specified access key is not found.","Recommend":"https://api.aliyun.com/troubleshoot?q=InvalidAccessKeyId.NotFound\u0026product=Alidns\u0026requestId=137AE51A-57AA-5895-B6C4-C048C0D6FA22","RequestId":"137AE51A-57AA-5895-B6C4-C048C0D6FA22","statusCode":404}
`# kustomization.yaml resources:
It appears that the accessKeyId you've provided is invalid, or there may be an error with the Secret referenced in your ClusterIssuer
. Please make sure that the RAM account (or primary account) you are using is valid and has been correctly granted DNS-related permissions.
Alternatively, you can obtain the official diagnostic information from Aliyun at https://api.aliyun.com/troubleshoot?q=InvalidAccessKeyId.NotFound&product=Alidns&requestId=137AE51A-57AA-5895-B6C4-C048C0D6FA22
.
` apiVersion: cert-manager.io/v1 kind: ClusterIssuer metadata: name: letsencrypt-pro spec: acme:
The ACME server URL, 使用staging环境颁发的证书无法正常公网使用,需要本地添加受信任根证书
apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: m6exyz-cn-ca-tsl labels: app: alidns-webhook spec: duration: 2160h # 90d renewBefore: 360h # 15d privateKey: algorithm: RSA encoding: PKCS1 size: 2048 secretName: ca-tsl dnsNames:
We can reference ClusterIssuers by changing the kind here.
The default value is Issuer (i.e. a locally namespaced Issuer)
kind: ClusterIssuer `