Error checking existing TLS certificate #339
That is not an actual error - it is expected during the normal validation flow. Can you provide additional logs and details of your environment? Namely, the output of
@munnerz, here is the output from
Here is a copy of a log entry; they are all the same:
@munnerz, I let it run overnight to see if anything would come of it. It still shows that same error. Here is a describe output of the certificate object:
It seems you've specified both the
one or the other should be used - not both. This influences how cert-manager validates your ownership of the domain. For more info, see: https://github.com/jetstack/cert-manager/blob/master/docs/user-guides/acme-http-validation.md Namely:
@munnerz, thank you for pointing this out. I tried splitting them apart, and still got the same outcome. Below are my configs. Based on the examples, I cannot see what the issue is. Am I missing something which is staring me in the face? I have an ingress controller set up with the name 'hellok8s'.
Eh, looks like you are trying to use the same Secret 'clatsch-com-tls' for this Certificate and also for your Issuer secret key? That will end in tears 😄 The Issuer secret is the same for all Certificates from that ACME Issuer (e.g. Let's Encrypt) and stored separately from any of the Certificates that are issued. One 'Issuer' with one Secret issues Many 'Certificates' each with their own Secret.
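Added example, not part of the thread and not cert-manager's own code: a small Python check that flags a Certificate whose `secretName` is the same Secret as an Issuer's `spec.acme.privateKeySecretRef`, the mix-up identified in the comment above. The manifests, the Issuer name `letsencrypt` and the Secret name `letsencrypt-account-key` are constructed for illustration; only `clatsch-com-tls` comes from the thread.

```python
# Added example: lint for the Secret mix-up described in the comment above.
# All manifests are constructed samples; only "clatsch-com-tls" comes from the thread.

def acme_key_secrets(manifests):
    """Return {(namespace, secret): issuer} for each Issuer's ACME account-key Secret."""
    found = {}
    for m in manifests:
        if m.get("kind") != "Issuer":
            continue
        ref = m.get("spec", {}).get("acme", {}).get("privateKeySecretRef") or {}
        if ref.get("name"):
            ns = m["metadata"].get("namespace", "default")
            found[(ns, ref["name"])] = m["metadata"]["name"]
    return found

def find_secret_collisions(manifests):
    """List (certificate, secret, issuer) where a Certificate reuses an Issuer key Secret."""
    keys = acme_key_secrets(manifests)
    hits = []
    for m in manifests:
        if m.get("kind") != "Certificate":
            continue
        ns = m["metadata"].get("namespace", "default")
        secret = m.get("spec", {}).get("secretName")
        if (ns, secret) in keys:
            hits.append((m["metadata"]["name"], secret, keys[(ns, secret)]))
    return hits

def issuer(key_secret):
    # Hypothetical Issuer named "letsencrypt"; key_secret holds only the account tls.key
    return {"kind": "Issuer", "metadata": {"name": "letsencrypt"},
            "spec": {"acme": {"privateKeySecretRef": {"name": key_secret}}}}

def certificate(secret):
    # Hypothetical Certificate named "clatsch-com"; secret receives tls.crt and tls.key
    return {"kind": "Certificate", "metadata": {"name": "clatsch-com"},
            "spec": {"secretName": secret, "issuerRef": {"name": "letsencrypt"}}}

BROKEN = [issuer("clatsch-com-tls"), certificate("clatsch-com-tls")]
FIXED = [issuer("letsencrypt-account-key"), certificate("clatsch-com-tls")]

if __name__ == "__main__":
    for label, docs in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, find_secret_collisions(docs))
```

A collision reproduces the reported symptom: the shared Secret holds only the account `tls.key`, so the Certificate check finds no `tls.crt` in it.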
@whereisaaron Ah! Thanks, that makes sense now. Not sure how I crossed those wires. Do I need to have some existing data in the secret (clatsch-com-tls)? I noticed that if I do not create an empty secret, the certificate events look like they process successfully, except there comes a point where it states "cannot find secret clatsch-com-tls." When I create a generic secret beforehand, I get:
Which is the correct method of dealing with the secret (clatsch-com-tls)? The Let's Encrypt URL I'm using is
I removed all the old artifacts and re-ran the processes, and all works. Thanks @munnerz and @whereisaaron!
@WB3Tech great, it is working! You don't need to create the Issuer or Certificate Secrets yourself. The Issuer Secret will be created when
Is this a BUG REPORT or FEATURE REQUEST?:
/kind bug
What happened:
Attempting to install certificate and receive the following message:
Error checking existing TLS certificate: no data for "tls.crt" in secret
When I check the secret, there is only a tls.key
I deleted all the objects, then attempted to create again. Before I created the certificate, I checked the secret after the issuer was created; there was only a tls.key in there as well.
I'm using ACME with http01. I have also tried dns01 with clouddns, and I receive the same messages.
I was able to get everything to work with a CA.
Anything else we need to know?:
Attempting to find out what the issue is, possibly something I'm doing wrong?
Environment: