This repository has been archived by the owner on Aug 26, 2021. It is now read-only.
Looking in the logs for the kube-lego pod, I'm seeing "Error during getting secret: resource name may not be empty" appear quite frequently. kube-lego is able to fetch a certificate, but because of this error it appears to not store it and thus tries to fetch a new certificate, eventually hitting LE's rate limit on certificate issuance.
```
2016-11-20T12:17:22.492732131Z time="2016-11-20T12:17:22Z" level=info msg="requesting certificate for domain1.kingj.net,domain2.kingj.net" context="ingress_tls" name=domain1-ingress namespace=default
2016-11-20T12:17:23.207569614Z time="2016-11-20T12:17:23Z" level=debug msg="testing reachablity of http://domain2.kingj.net/.well-known/acme-challenge/_selftest" context=acme domain=domain2.kingj.net
2016-11-20T12:17:23.207887947Z time="2016-11-20T12:17:23Z" level=debug msg="testing reachablity of http://domain1.kingj.net/.well-known/acme-challenge/_selftest" context=acme domain=domain1.kingj.net
2016-11-20T12:17:24.507967398Z time="2016-11-20T12:17:24Z" level=debug msg="got authorization: &{URI:https://acme-v01.api.letsencrypt.org/acme/challenge/REMOVED Status:valid Identifier:{Type: Value:} Challenges:[] Combinations:[]}" context=acme domain=domain1.kingj.net
2016-11-20T12:17:24.508068395Z time="2016-11-20T12:17:24Z" level=info msg="authorization successful" context=acme domain=domain1.kingj.net
2016-11-20T12:17:24.508862168Z time="2016-11-20T12:17:24Z" level=debug msg="got authorization: &{URI:https://acme-v01.api.letsencrypt.org/acme/challenge/REMOVED Status:valid Identifier:{Type: Value:} Challenges:[] Combinations:[]}" context=acme domain=domain2.kingj.net
2016-11-20T12:17:24.508943840Z time="2016-11-20T12:17:24Z" level=info msg="authorization successful" context=acme domain=domain2.kingj.net
2016-11-20T12:17:25.726043026Z time="2016-11-20T12:17:25Z" level=info msg="successfully got certificate: domains=[domain1.kingj.net domain2.kingj.net] url=https://acme-v01.api.letsencrypt.org/acme/cert/REMOVED" context=acme
2016-11-20T12:17:25.726140077Z time="2016-11-20T12:17:25Z" level=debug msg="certificate pem data:"REMOVED" context=acme
2016-11-20T12:17:25.726308003Z time="2016-11-20T12:17:25Z" level=warning msg="Error during getting secret: resource name may not be empty" context=kubelego
2016-11-20T12:17:25.726400451Z time="2016-11-20T12:17:25Z" level=error msg="Error while process certificate requests: resource name may not be empty" context=kubelego
2016-11-20T12:17:25.726414706Z time="2016-11-20T12:17:25Z" level=debug msg="worker: done processing true" context=kubelego
```
The ingress I'm requesting a certificate for, the nginx LB and kube-lego are all part of the default namespace.
Looks like this was a case of user error! In my application's Ingress configuration, I had neglected to specify a secretName in the tls section - I had only specified the hosts. I'm guessing that this meant that kube-lego attempted to read/write from a secret without a name, causing the error I saw. This may also be the cause of some Secret default/ does not exists errors I saw in the nginx load balancer's logs.
After re-deploying my application with a secretName specified (and a different set of domains so as to bypass the LE lockout), kube-lego was able to retrieve and store the certificate 😄.
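A pre-deployment check for the misconfiguration described in this thread, as an added example that is not part of the original issue or of kube-lego's code: it scans Ingress objects for `tls` entries that have no usable `secretName`, so the issuance loop is caught before it consumes the Let's Encrypt rate limit. The sample input is constructed, in the shape of `kubectl get ingress --all-namespaces -o json`, and treating a blank name as missing is an assumption of this example.

```python
import json

# Constructed sample; only domain1-ingress and its hosts come from the log above.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "domain1-ingress", "namespace": "default"},
   "spec": {"tls": [{"hosts": ["domain1.kingj.net", "domain2.kingj.net"]}]}},
  {"metadata": {"name": "ok-ingress", "namespace": "default"},
   "spec": {"tls": [{"hosts": ["ok.example.com"], "secretName": "ok-tls"}]}},
  {"metadata": {"name": "blank-ingress", "namespace": "web"},
   "spec": {"tls": [{"hosts": ["a.example.com"], "secretName": "  "},
                    {"hosts": ["b.example.com"], "secretName": "b-tls"}]}},
  {"metadata": {"name": "plain-http", "namespace": "web"}, "spec": {}}
]}
""")


def tls_entries_without_secret(ingress_list):
    """Return (namespace, ingress, tls_index, hosts) for each tls entry
    whose secretName is absent, not a string, or blank."""
    findings = []
    for item in ingress_list.get("items", []):
        meta = item.get("metadata") or {}
        tls = (item.get("spec") or {}).get("tls") or []
        for index, entry in enumerate(tls):
            name = entry.get("secretName")
            if not isinstance(name, str) or not name.strip():
                findings.append((
                    meta.get("namespace", "default"),
                    meta.get("name", ""),
                    index,
                    tuple(entry.get("hosts") or []),
                ))
    return findings


if __name__ == "__main__":
    for ns, ingress, index, hosts in tls_entries_without_secret(SAMPLE):
        print(f"{ns}/{ingress}: spec.tls[{index}] has no secretName "
              f"(hosts: {', '.join(hosts) or '-'})")
```
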