Failed to load alidns cause by "failed reading secret \"cert-manager/\": resource name may not be empty"

[yunkaiOr2]

` apiVersion: cert-manager.io/v1 kind: ClusterIssuer metadata: name: letsencrypt-pro spec: acme:

The ACME server URL, 使用staging环境颁发的证书无法正常公网使用，需要本地添加受信任根证书

# server: https://acme-staging-v02.api.letsencrypt.org/directory
server: https://acme-v02.api.letsencrypt.org/directory
# Email address used for ACME registration
email: xxx@163.com
# Name of a secret used to store the ACME account private key
privateKeySecretRef:
  name: letsencrypt-pro-account-key
solvers:
  - dns01:
      webhook:
        groupName: "acme.yourcompany.com"
        solverName: alidns
        config:
          region: ""
          accessKeyIdRef:
            name: aliyun-api-token-secret
            key: access-key
          secretKeySecretRef:
            name: aliyun-api-token-secret
            key: secret-key 

---

apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: m6exyz-cn-ca-tsl labels: app: alidns-webhook spec: duration: 2160h # 90d renewBefore: 360h # 15d privateKey: algorithm: RSA encoding: PKCS1 size: 2048 secretName: ca-tsl dnsNames:

• "xxx.cn"
• "*.xxx.cn" issuerRef: name: letsencrypt-pro

  We can reference ClusterIssuers by changing the kind here.

  The default value is Issuer (i.e. a locally namespaced Issuer)

  kind: ClusterIssuer `

[yunkaiOr2]

E0119 05:43:54.280405 1 controller.go:167] "cert-manager/challenges: re-queuing item due to error processing" err="failed reading secret \"cert-manager/\": resource name may not be empty" key="code/alidns-webhook-webhook-tls-1-501305060-3942196719"

kc logs -f pod/cert-manager-84c4b56667-7xqm8 -n cert-manager

[wjiec]

Hi, it appears that there is a configuration error in your ClusterIssuer. The secretKeySecretRef should be modified to accessKeySecretRef. Please refer to the example configuration in https://github.com/wjiec/alidns-webhook?tab=readme-ov-file#configure-a-issuer for more details.

[yunkaiOr2]

now

SDKError: StatusCode: 404 Code: InvalidAccessKeyId.NotFound Message: code: 404, Specified access key is not found. request id: 137AE51A-57AA-5895-B6C4-C048C0D6FA22 Data: {"Code":"InvalidAccessKeyId.NotFound","HostId":"dns.aliyuncs.com","Message":"Specified access key is not found.","Recommend":"https://api.aliyun.com/troubleshoot?q=InvalidAccessKeyId.NotFound\u0026product=Alidns\u0026requestId=137AE51A-57AA-5895-B6C4-C048C0D6FA22","RequestId":"137AE51A-57AA-5895-B6C4-C048C0D6FA22","statusCode":404}

[yunkaiOr2]

`# kustomization.yaml resources:

• cert-manager.yaml secretGenerator:
• name: aliyun-api-token-secret envs:
  • .env # token 就存放在这里，这个文件不会被提交到 Git 仓库中 generatorOptions: disableNameSuffixHash: true`

[wjiec]

It appears that the accessKeyId you've provided is invalid, or there may be an error with the Secret referenced in your ClusterIssuer. Please make sure that the RAM account (or primary account) you are using is valid and has been correctly granted DNS-related permissions.

[wjiec]

Alternatively, you can obtain the official diagnostic information from Aliyun at https://api.aliyun.com/troubleshoot?q=InvalidAccessKeyId.NotFound&product=Alidns&requestId=137AE51A-57AA-5895-B6C4-C048C0D6FA22.