DNS seems ok without reach the let's encrypt limit, but the certificate did not create

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
bank-dev.konyfabric.tailwindsw.com

I ran this command:
Ran the yaml file below:

It produced this output:
E1012 17:28:09.990275 1 controller.go:158] cert-manager/controller/CertificateReadiness "msg"="re-queuing item due to error processing" "error"="Operation cannot be fulfilled on certificates.cert-manager.io "quantum-ingress2": the object has been modified; please apply your changes to the latest version and try again" "key"="quantum-v9-deploy/quantum-ingress2"

My web server is (include version):
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: kony-fabric-nginx-ingress0
namespace: quantum-v9-deploy
annotations:
# Whether to strip ingress base paths while forwarding to backends or not.
# nginx.ingress.kubernetes.io/rewrite-target: /
# AWS: By default ELB will not pass along the hostname information.
# So, make sure that the ELB that get's created will have proxy protocol enabled.
# And configmap entry of 'use-proxy-protocol: "true"' is also required.
#service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: '*'
kubernetes.io/ingress.class: nginx
cert-manager.io/issuer: letsencrypt-prod
acme.cert-manager.io/http01-edit-in-place: "true"
#cert-manager.io/issue-temporary-certificate: "true"
# Whether to redirect http to https or not.
ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"

# Enable sticky session
nginx.ingress.kubernetes.io/affinity: "cookie"
nginx.ingress.kubernetes.io/session-cookie-name: idsessionid secure
nginx.ingress.kubernetes.io/session-cookie-hash: "sha1"

# Max post size
nginx.ingress.kubernetes.io/proxy-body-size: "262M"

spec:
tls:


Ingress controller config

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: kony-fabric-nginx-ingress1
namespace: quantum-v9-deploy
annotations:
# Whether to strip ingress base paths while forwarding to backends or not.
# nginx.ingress.kubernetes.io/rewrite-target: /
# AWS: By default ELB will not pass along the hostname information.
# So, make sure that the ELB that get's created will have proxy protocol enabled.
# And configmap entry of 'use-proxy-protocol: "true"' is also required.
#service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: '*'
kubernetes.io/ingress.class: nginx
cert-manager.io/issuer: letsencrypt-prod
acme.cert-manager.io/http01-edit-in-place: "true"
#cert-manager.io/issue-temporary-certificate: "true"

# Whether to redirect http to https or not.
#nginx.ingress.kubernetes.io/ssl-redirect: "false"
ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"

# Enable sticky session
nginx.ingress.kubernetes.io/affinity: "cookie"
nginx.ingress.kubernetes.io/session-cookie-name: csessionid secure
nginx.ingress.kubernetes.io/session-cookie-hash: "sha1"

# Max post size
nginx.ingress.kubernetes.io/proxy-body-size: "262M"

spec:
tls:

  • hosts:
    • bank-dev.konyfabric.tailwindsw.com
      secretName: quantum-ingress1
      rules:
    • host: bank-dev.konyfabric.tailwindsw.com
      http:
      paths:
      # Console paths
      - path: /mfconsole
      backend:
      serviceName: kony-fabric-console
      servicePort: 8080
      - path: /accounts
      backend:
      serviceName: kony-fabric-console
      servicePort: 8080
      - path: /workspace
      backend:
      serviceName: kony-fabric-console
      servicePort: 8080

Ingress controller config

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: kony-fabric-nginx-ingress2
namespace: quantum-v9-deploy
annotations:
# Whether to strip ingress base paths while forwarding to backends or not.
# nginx.ingress.kubernetes.io/rewrite-target: /
# AWS: By default ELB will not pass along the hostname information.
# So, make sure that the ELB that get's created will have proxy protocol enabled.
# And configmap entry of 'use-proxy-protocol: "true"' is also required.
#service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: '*'
kubernetes.io/ingress.class: nginx
cert-manager.io/issuer: letsencrypt-prod
ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
acme.cert-manager.io/http01-edit-in-place: "true"
#cert-manager.io/issue-temporary-certificate: "true"
# Whether to redirect http to https or not.
#nginx.ingress.kubernetes.io/ssl-redirect: "false"

# Enable sticky session
nginx.ingress.kubernetes.io/affinity: "cookie"
nginx.ingress.kubernetes.io/session-cookie-name: insessionid secure
nginx.ingress.kubernetes.io/session-cookie-hash: "sha1"

# Max post size
nginx.ingress.kubernetes.io/proxy-body-size: "262M"

spec:
tls:

  • hosts:
    • bank-dev.konyfabric.tailwindsw.com
      secretName: quantum-ingress2
      rules:
    • host: bank-dev.konyfabric.tailwindsw.com
      http:
      paths:
      # Integration paths
      - path: /admin
      backend:
      serviceName: kony-fabric-integration
      servicePort: 8080
      - path: /services
      backend:
      serviceName: kony-fabric-integration
      servicePort: 8080
      - path: /apps
      backend:
      serviceName: kony-fabric-integration
      servicePort: 8080

Ingress controller config

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: kony-fabric-nginx-ingress3
namespace: quantum-v9-deploy
annotations:
# Whether to strip ingress base paths while forwarding to backends or not.
# nginx.ingress.kubernetes.io/rewrite-target: /
# AWS: By default ELB will not pass along the hostname information.
# So, make sure that the ELB that get's created will have proxy protocol enabled.
# And configmap entry of 'use-proxy-protocol: "true"' is also required.
#service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: '*'
kubernetes.io/ingress.class: nginx
cert-manager.io/issuer: letsencrypt-prod
ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
acme.cert-manager.io/http01-edit-in-place: "true"
#cert-manager.io/issue-temporary-certificate: "true"
# Whether to redirect http to https or not.
#nginx.ingress.kubernetes.io/ssl-redirect: "false"

# Enable sticky session
nginx.ingress.kubernetes.io/affinity: "cookie"
nginx.ingress.kubernetes.io/session-cookie-name: ksessionid secure
nginx.ingress.kubernetes.io/session-cookie-hash: "sha1"

# Max post size
nginx.ingress.kubernetes.io/proxy-body-size: "262M"

spec:
tls:


Ingress controller config

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: kony-fabric-nginx-ingress4
namespace: quantum-v9-deploy
annotations:
# Whether to strip ingress base paths while forwarding to backends or not.
# nginx.ingress.kubernetes.io/rewrite-target: /
# AWS: By default ELB will not pass along the hostname information.
# So, make sure that the ELB that get's created will have proxy protocol enabled.
# And configmap entry of 'use-proxy-protocol: "true"' is also required.
kubernetes.io/ingress.class: nginx
cert-manager.io/issuer: letsencrypt-prod
#service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: '*'

# Whether to redirect http to https or not.
#nginx.ingress.kubernetes.io/ssl-redirect: "false"
ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
acme.cert-manager.io/http01-edit-in-place: "true"
#cert-manager.io/issue-temporary-certificate: "true"
# Enable sticky session
nginx.ingress.kubernetes.io/affinity: "cookie"
nginx.ingress.kubernetes.io/session-cookie-name: ksessionid secure
nginx.ingress.kubernetes.io/session-cookie-hash: "sha1"

# Max post size
nginx.ingress.kubernetes.io/proxy-body-size: "262M"

spec:
tls:

  • hosts:
    • bank-dev.konyfabric.tailwindsw.com
      secretName: quantum-ingress4
      rules:
    • host: bank-dev.konyfabric.tailwindsw.com
      http:
      paths:
      # ApiPortal
      - path: /apiportal
      backend:
      serviceName: kony-fabric-apiportal
      servicePort: 8080
      The operating system my web server runs on is (include version):
      Kubernetes Gcloud, using cert-manager
      My hosting provider, if applicable, is:
      Gcloud
      I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): cert-manager v1.0.2

2 Likes

Hi,

I think this might be a Kubernetes issue, please take a look at this issue on GitHub and see if that resolve the error.

2 Likes