Failed to clean up previous order: issuer does not contain DNS01 configuration for provider named "clouddns" #1141

Closed
alexellis opened this Issue Dec 6, 2018 · 2 comments

alexellis commented Dec 6, 2018

Bugs should be filed for issues encountered whilst operating cert-manager.
You should first attempt to resolve your issues through the community support
channels, e.g. Slack, in order to rule out individual configuration errors.
Please provide as much detail as possible.

Describe the bug:
A clear and concise description of what the bug is.

1/2 certificates renew, the other will not and gives the error:

Failed to clean up previous order: issuer does not contain DNS01 configuration for provider named "clouddns"

Expected behaviour:
A concise description of what you expected to happen.

A meaningful error / indications of steps to take. Given that the two certs use the same cluster issuer and the same DNS01 challenge I find it odd that one gives this error and the other doesn't. The configuration clearly worked for both to get the initial TLS certs about 3 months ago.

Steps to reproduce the bug:
Steps to reproduce the bug should be clear and easily reproducible to help people
gain an understanding of the problem.

Anything else we need to know?:

Environment details::

Ingress via Nginx

  • Kubernetes version (e.g. v1.10.2):
Server Version: version.Info{Major:"1", Minor:"10+", GitVersion:"v1.10.6-gke.11", GitCommit:"42df8ec7aef509caba40b6178616dcffca9d7355", GitTreeState:"clean", BuildDate:"2018-11-08T20:06:00Z", GoVersion:"go1.9.3b4", Compiler:"gc", Platform:"linux/amd64"}
  • Cloud-provider/provisioner (e.g. GKE, kops AWS, etc):

GKE Cloud DNS

  • cert-manager version (e.g. v0.4.0):

cert-manager-v0.4.1

  • Install method (e.g. helm or static manifests):

helm

/kind bug

Cert which failed:

apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
  name: o6s-com-tls
  namespace: openfaas
spec:
  acme:
    config:
    - dns01:
        provider: clouddns
      domains:
      - '*.o6s.io'
  commonName: ""
  dnsNames:
  - '*.o6s.io'
  issuerRef:
    kind: ClusterIssuer
    name: letsencrypt-prod
  secretName: o6s-com-tls

2nd cert which was issued with no errors:

apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
  name: auth-system-o6s-com-tls
  namespace: openfaas
spec:
  acme:
    config:
    - dns01:
        provider: clouddns
      domains:
      - auth.system.o6s.io
  commonName: ""
  dnsNames:
  - auth.system.o6s.io
  issuerRef:
    kind: ClusterIssuer
    name: letsencrypt-prod
  secretName: auth-system-o6s-com-tls

kubectl get clusterissuer -n openfaas -o yaml

apiVersion: v1
items:
- apiVersion: certmanager.k8s.io/v1alpha1
  kind: ClusterIssuer
  metadata:
    creationTimestamp: 2018-09-07T07:07:25Z
    name: letsencrypt-prod
    namespace: ""
  spec:
    acme:
      dns01:
        providers:
        - clouddns:
            project: redacted-redacted
            serviceAccountSecretRef:
              key: service-account.json
              name: clouddns-service-account
          name: prod-dns
      email: redacted@gmail.com
      privateKeySecretRef:
        key: ""
        name: letsencrypt-prod
      server: https://acme-v02.api.letsencrypt.org/directory

Ingress annotations:

      certmanager.k8s.io/acme-challenge-type: dns01
      certmanager.k8s.io/acme-dns01-provider: clouddns
      certmanager.k8s.io/cluster-issuer: letsencrypt-prod
      kubernetes.io/ingress.class: nginx
      kubernetes.io/tls-acme: "true"

munnerz commented Dec 6, 2018

munnerz commented Dec 14, 2018

I'm going to close this off now as I think we've resolved the issue @alexellis!

Please reopen if I'm wrong though!!

@munnerz munnerz closed this Dec 14, 2018
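
The error reports that the issuer has no DNS01 provider *named* `clouddns`; in the manifests posted above, the ClusterIssuer's only provider entry is named `prod-dns`, while both Certificates reference `clouddns`. The following added example (not part of the issue thread or of cert-manager; function names and the dict inputs are assumptions) cross-checks those names before a renewal hits the same error:

```python
# Added example, not cert-manager code. Objects use the certmanager.k8s.io/v1alpha1
# layout shown in the issue, as dicts (e.g. parsed from `kubectl get ... -o json`).

def issuer_provider_names(issuer):
    """Names of the DNS01 providers defined under spec.acme.dns01.providers."""
    dns01 = issuer.get("spec", {}).get("acme", {}).get("dns01") or {}
    return {p["name"] for p in dns01.get("providers") or [] if p.get("name")}


def unresolved_providers(cert, issuers):
    """Return (domain, provider) pairs whose provider name the issuer does not define."""
    ref = cert["spec"]["issuerRef"]
    key = (ref.get("kind", "Issuer"), ref["name"])  # kind defaults to Issuer
    if key not in issuers:
        raise LookupError("issuer %s/%s not found" % key)
    known = issuer_provider_names(issuers[key])
    missing = []
    for entry in cert["spec"].get("acme", {}).get("config") or []:
        provider = (entry.get("dns01") or {}).get("provider")
        if provider is not None and provider not in known:
            missing.extend((d, provider) for d in entry.get("domains") or [])
    return missing


# Trimmed copies of the manifests posted in the issue.
ISSUERS = {
    ("ClusterIssuer", "letsencrypt-prod"): {
        "spec": {"acme": {"dns01": {"providers": [
            {"name": "prod-dns", "clouddns": {"project": "redacted-redacted"}},
        ]}}},
    },
}


def make_cert(name, domain, provider):
    """Build a Certificate dict shaped like the two in the issue."""
    return {
        "metadata": {"name": name, "namespace": "openfaas"},
        "spec": {
            "acme": {"config": [{"dns01": {"provider": provider}, "domains": [domain]}]},
            "dnsNames": [domain],
            "issuerRef": {"kind": "ClusterIssuer", "name": "letsencrypt-prod"},
        },
    }


WILDCARD = make_cert("o6s-com-tls", "*.o6s.io", "clouddns")
AUTH = make_cert("auth-system-o6s-com-tls", "auth.system.o6s.io", "clouddns")

if __name__ == "__main__":
    for cert in (WILDCARD, AUTH):
        for domain, provider in unresolved_providers(cert, ISSUERS):
            print("%s: %s -> provider %r not defined by issuer"
                  % (cert["metadata"]["name"], domain, provider))
```

Run against live objects, a non-empty result for any Certificate is worth alerting on, since a failed renewal only surfaces when the existing TLS secret is close to expiry.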
