INT 21h

Hi, I am Vladimir Smagin, SysAdmin and

Kaptain. Telegram Email / GIT / RSS / GPG

cert-manager can’t resolve new domain to perform HTTP01 challenge

№ 10443 В разделе Sysadmin от December 14th, 2019,
В подшивках: cert-manager, Helm, Kubernetes

In ingress resource you created new domain to perform HTTP01 challenge and obtain new LE certificate but something goes wrong in log file:

E1214 14:35:06.644315 1 sync.go:183] cert-manager/controller/challenges "msg"="propagation check failed" "error"="failed to perform self check GET request 'http://test.k8s.blindage.org/.well-known/acme-challenge/nmxxZh0K7iXuOnqGRm52PqymHj8YFVpN2MryLfRdVoU': Get http://test.k8s.blindage.org/.well-known/acme-challenge/nmxxZh0K7iXuOnqGRm52PqymHj8YFVpN2MryLfRdVoU: dial tcp: lookup test.k8s.blindage.org on 10.245.0.10:53: no such host" "dnsName"="test.k8s.blindage.org" "resource_kind"="Challenge" "resource_name"="tls-test-k8s-blindage-org-749846670-0" "resource_namespace"="testing" "type"="http-01"

… and this error repeats multiple times without any progress. Its managed Kubernetes in DigitalOcean.

To solve this problem just uncomment these lines in Helm chart of cert-manager to provide your own nameservers:

podDnsPolicy: "None"
podDnsConfig:
  nameservers:
    - "1.1.1.1"
    - "8.8.8.8"

Voila! You got new certificate.

Нет комментариев »

Последние записи

Микроблог перейти

Fortune cookie: "I go the way that Providence dictates with the assurance of a sleepwalker." [Adolf Hitler, Speech, 15 March 1936, Munich, Germany.]

INT 21h

cert-manager can’t resolve new domain to perform HTTP01 challenge

Leave a Reply Cancel reply

Последние записи

Комментарии

Микроблог перейти