-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Error instantiating cloudflare challenge solver: Cloudflare token invalid #3023
Comments
Might be related to #3021. |
That errors comes from the cert-manager header value validation function, which is a copy out of Go's validation It seems to have an invalid (invisible) character in that token. /remove-kind bug |
@jmgilman if this issue still persists - verify how you create the secret itself. Above error will also show when instead os stringData you'd use Data:
And the above problem might be hard to debug. |
Closing this as the documentation and errors have been improved. Feel free to /reopen /close |
@meyskens: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Describe the bug:
When attempting to solve dns01 challenges using the CloudFlare provider the challenge resource is presenting the following error:
Expected behaviour:
Expected the challenge to use the provided valid token successfully.
Steps to reproduce the bug:
Follow the steps here and then create a certificate that uses the dns01 challenge.
Anything else we need to know?:
I verified the secret data does not have an inerrant newline in it:
The above two commands produce the exact same base64 encoded string. CloudFlare provides an endpoint for validating tokens which makes a more definitive test:
So it's fairly clear there is nothing wrong with the token. Unfortunately, I can't find any more details on why
cert-manager
is convinced that the token is invalid. I've included the configs for reference. I've also added a screenshot of the token configuration.ClusterIssuer
Secret
Certificate
Environment details::
/kind bug
The text was updated successfully, but these errors were encountered: