Ryo

Reputation: 595

cert-manager can use DNS-01 challenge on GKE, with "xip.io" domain?

I tried to get TLS using the cert-manager DNS-01 challenge on GKE.

So far, I don't have any domain, so I want to use xip.io. DNS zone: test, DNS name: 111.222.333.444.xip.io

I have a record set, like web.111.222.333.444.xip.io, whose A record data is "111.222.333.444".

Then I added an Issuer and a Certificate on GKE, but when checking the challenge:

$ kubectl describe challenge
Error presenting challenge: No matching GoogleCloud domain found for domain xip.io.

Can we not use DNS-01 validation with an xip.io domain? Because of a firewall rule, I need to use DNS-01 instead of HTTP-01.

I beg someone's help

Upvotes: 0

Views: 728

Answers (1)

hobbs

Reputation: 239890

No, that won't work. For DNS-01 you need to use a real domain, that you control (and can create DNS entries under). For it to work with cert-manager you additionally need to have the DNS managed by one of cert-manager's supported DNS providers (Google Cloud DNS being perhaps the easiest choice if you're using GKE, but not the only one).

Upvotes: 2
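
Why the challenge in the question fails, as an added example that is not part of the original answer and not cert-manager's code: a simplified model (an assumption) of the DNS-01 precondition, where the zone that is publicly authoritative for the challenge record must be one the solver's account manages. The apex and zone tables are constructed; `example-zone` and `example.com` are hypothetical, and `test` is the zone from the question.

```python
from typing import NamedTuple, Optional

# Constructed sample data (assumptions for illustration).
# Apexes delegated on the public Internet, i.e. where a resolver finds an SOA.
PUBLIC_APEXES = {"io.", "xip.io.", "com.", "example.com."}
# Cloud DNS managed zones in the project: zone name -> dnsName.
MANAGED_ZONES = {"test": "111.222.333.444.xip.io.", "example-zone": "example.com."}


class Preflight(NamedTuple):
    ok: bool
    record: str                  # TXT record the solver has to create
    public_apex: Optional[str]   # zone that answers for it publicly
    managed_zone: Optional[str]  # managed zone matching that apex, if any


def to_fqdn(name: str) -> str:
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def authoritative_apex(fqdn: str, apexes) -> Optional[str]:
    """Longest publicly delegated suffix of fqdn (stand-in for an SOA lookup)."""
    labels = to_fqdn(fqdn).rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:]) + "."
        if candidate in apexes:
            return candidate
    return None


def dns01_preflight(domain, apexes=PUBLIC_APEXES, managed=MANAGED_ZONES) -> Preflight:
    name = to_fqdn(domain)
    if name.startswith("*."):    # a wildcard is validated on its parent name
        name = name[2:]
    record = "_acme-challenge." + name
    apex = authoritative_apex(record, apexes)
    # The TXT record is only visible to the CA if the public apex itself is a
    # zone the account manages; a private zone for a sub-name is not enough.
    zone = next((z for z, dns in managed.items() if to_fqdn(dns) == apex), None)
    return Preflight(zone is not None, record, apex, zone)


if __name__ == "__main__":
    for d in ("web.111.222.333.444.xip.io", "web.example.com"):
        print(dns01_preflight(d))
```

The `xip.io` name resolves to the public apex `xip.io.`, which matches the domain named in the error message, while the project only holds a zone for `111.222.333.444.xip.io.` that nothing delegates to.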
