-
Notifications
You must be signed in to change notification settings - Fork 40
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
no Let's Encrypt certificate #7
Comments
I'm seeing the same symptoms on a CX11 with Debian 10. After installing the setup/router helm chart, a NAME READY STATUS RESTARTS AGE
svclb-traefik-9d4xg 2/2 Running 0 4s
landingpage-86fb86f6-qtcws 1/1 Running 0 4s
traefik-6bc795bfcd-g6dgz 1/1 Running 0 4s Looking at the logs via time="2020-04-16T09:53:13Z" level=error msg="Unable to obtain ACME certificate for domains \"www.redacted.org\": cannot get ACME client get directory at 'https://acme-staging-v02.api.letsencrypt.org/directory': Get \"https://acme-staging-v02.api.letsencrypt.org/directory\": dial tcp: i/o timeout" rule="Host(`www.redacted.org`) && Path(`/`)" routerName=default-ingressroute-landingpage-b6c1df3ebe77e8940f06@kubernetescrd providerName=default.acme This is shown using the staging server, but the same happens when using The interesting bit is the log detail… cannot get ACME client get directory at 'https://acme-staging-v02.api.letsencrypt.org/directory' …which says that The process times out with:
I have deactivated IPv6 on the host (since @jamct lists |
Meanwhile I managed to 'solve' my issue by completely bulldozing and recreating the VM. I suspect docker and its networking setup, as this was the only difference between the two VMs (i.e. I used to use docker to orchestrate container based services before, now docker is only running in the background while k3s is the only orchestrator). |
@pwannenmacher can you aquire logs the way I described above (and post them here)? |
Using the same commands as you did... root@team-cloud:~# kubectl get pods NAME READY STATUS RESTARTS AGE root@team-cloud:~# kubectl logs -f traefik-7f444457b7-tgz8r time="2020-04-16T05:58:52Z" level=info msg="Configuration loaded from flags."
|
I get the same error as @pwannenmacher . I am running on a freshly installed Ubuntu 18.04 LTS. I literally only executed the install.sh and the helm chart on that server.
I am new to the whole kubernetes thing and need a little bit of guidance in which logs to consult. What I do not understand is, that I can connect to my services on port 80 or 443, however they are not listed using
|
@Rossojo Did you configure IPv6? We did not test this setup with IPv6 at the moment |
I indeed have setup IPv6 🤔 I will try without in the next couple of days. |
I have the same error, also made the mistake to setup ipv6. Now i deactivated ipv6 in the system and removed the AAAA records. The errors are gone now but I still get a certificate warning. Does it simply take some time until I get the certificates? If so, how long? |
Ok, I setup a fresh server and did not enable IPv6. Now everything seems to work as expected. Seems to me that this setup confirmably does create certificates using IPv6. As an addition I also had to wait for the DNS records (AAAA) to be invalidated. Before that certificate creation resulted in timeout errors |
Thanks for your feedback. I'm working in IPv6 support at the moment! |
Similar problem here. Got to work the certificate for www.example.org but nextcloud under cloud.example.org was not showing up. I screwed Ubuntu, installed Debian and disabled ipv6 for eth0, adding the following lines to /etc/sysctl.conf: After 2 days of tinkering, the nextcloud shows up. YEAH! The experience of an "easy" all-in-one-solution" is degraded. |
not tested = not working :-( did: and get certificate after reconnecting, because I was connected with ipv6 (off course, we have 2020). So this is a big issue :-) |
I don't get any Let's Encrypt certificate following your instructions.
The Setting:
Even after hours there is only the 'TRAEFIK DEFAULT CERT'...
The text was updated successfully, but these errors were encountered: