Open
Labels
bug: Something isn't working
Description
What happened?
Hi,
we want to use this webhook to create certificates for our service running in a subdomain. But in the webhook I always see this error logged:
{"level":"error","ts":1765226935.7196543,"caller":"resolver/resolver.go:160","msg":"Error fetching zone","error":"zone not found","zoneDnsName":"example.de","stacktrace":"github.com/stackitcloud/stackit-cert-manager-webhook/internal/resolver.(*stackitDnsProviderResolver).initializeResolverContext\n\t/home/runner/work/stackit-cert-manager-webhook/stackit-cert-manager-webhook/internal/resolver/resolver.go:160\ngithub.com/stackitcloud/stackit-cert-manager-webhook/internal/resolver.(*stackitDnsProviderResolver).Present\n\t/home/runner/work/stackit-cert-manager-webhook/stackit-cert-manager-webhook/internal/resolver/resolver.go:69\ngithub.com/cert-manager/cert-manager/pkg/acme/webhook/registry/challengepayload.(*REST).callSolver\n\t/home/runner/go/pkg/mod/github.com/cert-manager/cert-manager@v1.17.3/pkg/acme/webhook/registry/challengepayload/challenge_payload.go:90\ngithub.com/cert-manager/cert-manager/pkg/acme/webhook/registry/challengepayload.(*REST).Create\n\t/home/runner/go/pkg/mod/github.com/cert-manager/cert-manager@v1.17.3/pkg/acme/webhook/registry/challengepayload/challenge_payload.go:70\nk8s.io/apiserver/pkg/endpoints/handlers.(*namedCreaterAdapter).Create\n\t/home/runner/go/pkg/mod/k8s.io/apiserver@v0.32.4/pkg/endpoints/handlers/create.go:254\nk8s.io/apiserver/pkg/endpoints/handlers.CreateResource.createHandler.func1.1\n\t/home/runner/go/pkg/mod/k8s.io/apiserver@v0.32.4/pkg/endpoints/handlers/create.go:184\nk8s.io/apiserver/pkg/endpoints/handlers.CreateResource.createHandler.func1.2\n\t/home/runner/go/pkg/mod/k8s.io/apiserver@v0.32.4/pkg/endpoints/handlers/create.go:209\nk8s.io/apiserver/pkg/endpoints/handlers/finisher.finishRequest.func1\n\t/home/runner/go/pkg/mod/k8s.io/apiserver@v0.32.4/pkg/endpoints/handlers/finisher/finisher.go:117"}
Domains are changed to example.de and test.example.de.
From one of our challenges:
Dns Name: id.test.example.de
Issuer Ref:
  Kind: Issuer
  Name: letsencrypt-prod-dns-stackit
Solver:
  dns01:
    Webhook:
      Config:
        Auth Token Secret Ref: stackit-sa-authentication
        Project Id: aaaa-bbbb-cccc-dddd-eeeeeeee
      Group Name: acme.stackit.de
      Solver Name: stackit
  Selector:
    Dns Zones:
      argocd-test.opndsk.de
And the Issuer:
spec:
  acme:
    privateKeySecretRef:
      name: letsencrypt-prod-dns-key-stackit
    server: https://acme-v02.api.letsencrypt.org/directory
    solvers:
    - dns01:
        webhook:
          config:
            authTokenSecretRef: stackit-sa-authentication
            projectId: aaaaaaaa-bbbb-cccc-deeeeeeee
          groupName: acme.stackit.de
          solverName: stackit
      selector:
        dnsZones:
        - test.example.de
Am I missing some parameters that need to be set?
We manage the subdomain test.example.de in our STACKIT project; the example.de domain is managed in AWS and delegated to the STACKIT NS as described in the Portal.
How can we reproduce this?
Create an issuer for a subdomain like above and try to request a certificate
Search
- I did search for other open and closed issues before opening this.
Code of Conduct
- I agree to follow this project's Code of Conduct
Additional context
No response