wjiec / alidns-webhook

alidns-webhook is a generic ACME solver for cert-manager.
MIT License

Issuing certificate as Secret does not exist #21

Closed xioobu closed 4 months ago

xioobu commented 4 months ago
```
Status:
  Conditions:
    Last Transition Time:        2024-06-19T03:57:50Z
    Message:                     Issuing certificate as Secret does not exist
    Observed Generation:         1
    Reason:                      DoesNotExist
    Status:                      False
    Type:                        Ready
    Last Transition Time:        2024-06-19T03:57:50Z
    Message:                     Issuing certificate as Secret does not exist
    Observed Generation:         1
    Reason:                      DoesNotExist
    Status:                      True
    Type:                        Issuing
  Next Private Key Secret Name:  stat-xioobu-cn.tls-5s8qm
Events:                          <none>
root@lax:~/.laf/mydeploy# kubectl get certificate
NAME                 READY   SECRET               AGE
stat-xioobu-cn.tls   False   stat-xioobu-cn.tls   118m
root@lax:~/.laf/mydeploy# kubectl get secret
NAME                       TYPE     DATA   AGE
stat-xioobu-cn.tls-5s8qm   Opaque   1      118m
```

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: alidns-secret
  namespace: cert-manager
stringData:
  access-key-id: ""
  access-key-secret: ""
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: xioobu-acme
spec:
  acme:
    # The ACME server URL
    server: https://acme-v02.api.letsencrypt.org/directory
    # Email address used for ACME registration
    email: liz3002@126.com # Change ME
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: xioobu-acme
    solvers:
      - dns01:
          webhook:
            groupName: acme.xioobu.cn # Change ME
            solverName: alidns
            config:
              accessKeyIdRef:
                name: alidns-secret
                key: access-key-id
              accessKeySecretRef:
                name: alidns-secret
                key: access-key-secret
```

```yaml
kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
  name: stat-xxx-cn
  annotations:
    cert-manager.io/cluster-issuer: "xxx-acme"
    # cert-manager.io/issuer: "example-acme"
spec:
  tls:
  - hosts:
    - laf.xxx.cn
    secretName: stat-xxx-cn.tls
  rules:
  - host: laf.xxx.cn
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: backend-service
            port:
              name: http
```

wjiec commented 4 months ago

Hi, this should be the normal status; it takes a while to issue certificates (depending on your network and Let's Encrypt load, usually 5-30 minutes). Can you confirm the status of the certificate now?
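
An added example, not part of the original thread or the project's code: a triage of the Certificate status posted above that tells an issuance still in progress from one whose last attempt failed. The JSON is a constructed sample shaped like `kubectl get certificate -o json`, and `triage` is a hypothetical helper name.

```python
import json

# Constructed sample, shaped like `kubectl get certificate stat-xioobu-cn.tls -o json`
# and reduced to the fields visible in the issue's `kubectl describe` output.
SAMPLE = json.loads("""
{"spec": {"secretName": "stat-xioobu-cn.tls"},
 "status": {
   "nextPrivateKeySecretName": "stat-xioobu-cn.tls-5s8qm",
   "conditions": [
     {"type": "Ready", "status": "False", "reason": "DoesNotExist",
      "message": "Issuing certificate as Secret does not exist"},
     {"type": "Issuing", "status": "True", "reason": "DoesNotExist",
      "message": "Issuing certificate as Secret does not exist"}]}}
""")


def triage(cert):
    """Classify a cert-manager Certificate (hypothetical helper) as
    issued, in-progress, failed or stalled, with a one-line reason."""
    status = cert.get("status", {})
    cond = {c["type"]: c for c in status.get("conditions", [])}
    ready = cond.get("Ready", {})
    issuing = cond.get("Issuing", {})
    target = cert.get("spec", {}).get("secretName")

    if ready.get("status") == "True":
        return "issued", f"TLS secret {target} is populated"
    # cert-manager records a failed attempt in status.lastFailureTime.
    if status.get("lastFailureTime"):
        return "failed", issuing.get("message") or "last issuance attempt failed"
    if issuing.get("status") == "True":
        # The Opaque secret listed by `kubectl get secret` is the pending key,
        # not the TLS secret named in spec.secretName.
        tmp = status.get("nextPrivateKeySecretName")
        return "in-progress", (f"{target} not created yet; {tmp} only holds "
                               "the pending private key")
    return "stalled", "not Ready and no issuance running"


if __name__ == "__main__":
    state, why = triage(SAMPLE)
    print(state, "-", why)
```

For a failed or stalled result, the CertificateRequest, Order and Challenge resources created for the Certificate carry the underlying error.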

xioobu commented 4 months ago

Thank you, I waited and it was created successfully! The certificate was created successfully, but my browser shows it as not secure @wjiec

wjiec commented 4 months ago

Hi @xioobu, generally this should not happen. Please check your browser cache, system time and other settings that can cause the certificate to be insecure. You can also verify the validity of the certificate via curl or an online validation service.

I can verify it in my environment if you can provide your domain.

xioobu commented 4 months ago

https://laf.xioobu.cn/ @wjiec

xioobu commented 4 months ago

I think it's the cache. I deleted the browser cache and it was restored. Thank you!

wjiec commented 4 months ago

Yes, you can see from here that your certificate is valid.