Reputation: 11
Kubernetes cert-manager certificate issuing problem: no such host" logger="cert-manager.controller"
I'm trying to install kubernetes-dashboard with ingress-nginx and cert-manager, i'm also using NodePort as my service (as k8s self-hosted on VPS).
This is error i'm struck with:
kubectl logs cert-manager-57d855897b-ncfh9 -n cert-manager
1 sync.go:208] "propagation check failed" err="failed to perform self check GET request 'http://kube.mydomain.com/.well-known/acme-challenge/n1dDA-0omTQgX1aNHLZ4u16mVv0TSP1J40ikSDuEm1M': Get "http://kube.mydomain.com/.well-known/acme-challenge/n1dDA-0omTQgX1aNHLZ4u16mVv0TSP1J40ikSDuEm1M": dial tcp: lookup kube.mydomain.com on 169.254.25.10:53: no such host" logger="cert-manager.controller" resource_name="kubernetes-dashboard-1-2318444317-3591028914" resource_namespace="kubernetes-dashboard" resource_kind="Challenge" resource_version="v1" dnsName="kube.mydomain.com" type="HTTP-01"
This is my cluster issuer:
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt
namespace: cert-manager
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
email: [email protected]
privateKeySecretRef:
name: kubernetes-dashboard
solvers:
- http01:
ingress:
class: nginx
and my ingress:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: kubernetes-dashboard
namespace: kubernetes-dashboard
annotations:
kubernetes.io/ingress.class: "nginx"
cert-manager.io/cluster-issuer: "letsencrypt"
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
nginx.ingress.kubernetes.io/auth-tls-verify-client: "false"
spec:
ingressClassName: nginx
tls:
- hosts:
- kube.mydomain.com
secretName: kubernetes-dashboard
rules:
- host: kube.mydomain.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: kubernetes-dashboard-kong-proxy
port:
number: 443
My services
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
cert-manager cert-manager ClusterIP 10.233.16.43 <none> 9402/TCP 88m
cert-manager cert-manager-cainjector ClusterIP 10.233.30.141 <none> 9402/TCP 88m
cert-manager cert-manager-webhook ClusterIP 10.233.58.32 <none> 443/TCP,9402/TCP 88m
default kubernetes ClusterIP 10.233.0.1 <none> 443/TCP 3h39m
default my-service ClusterIP 10.233.59.123 <none> 8080/TCP 74m
ingress-nginx ingress-nginx-controller NodePort 10.233.50.143 <none> 80:31321/TCP,443:31732/TCP 120m
ingress-nginx ingress-nginx-controller-admission ClusterIP 10.233.35.145 <none> 443/TCP 120m
kube-system coredns ClusterIP 10.233.0.3 <none> 53/UDP,53/TCP,9153/TCP 3h34m
kube-system metrics-server ClusterIP 10.233.45.81 <none> 443/TCP 3h33m
kubernetes-dashboard cm-acme-http-solver-82rcx NodePort 10.233.6.209 <none> 8089:31292/TCP 16m
kubernetes-dashboard kubernetes-dashboard-api ClusterIP 10.233.59.78 <none> 8000/TCP 88m
kubernetes-dashboard kubernetes-dashboard-auth ClusterIP 10.233.11.67 <none> 8000/TCP 88m
kubernetes-dashboard kubernetes-dashboard-kong-proxy ClusterIP 10.233.35.187 <none> 443/TCP 88m
kubernetes-dashboard kubernetes-dashboard-metrics-scraper ClusterIP 10.233.48.68 <none> 8000/TCP 88m
kubernetes-dashboard kubernetes-dashboard-web ClusterIP 10.233.9.17 <none> 8000/TCP 88m
Upvotes: 0
Views: 55
Answers (0)
Related Questions
- Problem installing Issuer (cert-manager) inside GKE cluster tls: failed to verify certificate: x509: certificate signed by unknown authority
- cert-manager does not issue certificate after upgrading to AKS k8s 1.24.6
- Kubernetes Letsencrypt Cert-Manager Acme http-01 challenge propagation: wrong status code '404', expected '200'
- Let's Encrypt kubernetes Ingress Controller issuing Fake Certificate
- Cert-Manager get certificate, but web browser shows "Kubernetes Ingress Controller Fake Certificate"
- K8s Internal ACME server with cert-manager for issuing only internal k8s certs - htttp challenge issue
- Can't deploy kubernetes dashboard (HTTPS) publicly
- Configure SSL certificates in kubernetes with cert-manager istio ingress and LetsEncrypt
- How to automate Let's Encrypt certificate renewal in Kubernetes with cert-manager on a bare-metal cluster?