Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: xpresside.com
I ran this command:
cat <<EOF | kubectl apply -f -
apiVersion: certmanager.k8s.io/v1alpha1
kind: ClusterIssuer
metadata:
name: che-certificate-issuer
spec:
acme:
dns01:
providers:
- route53:
region: us-east-1
accessKeyID: AKIA4ZR4YBFXPFDK7SNR
secretAccessKeySecretRef:
name: aws-cert-manager-access-key
key: CLIENT_SECRET
name: route53
email: mplabxpress@gmail.com
privateKeySecretRef:
name: letsencrypt
server: https://acme-v02.api.letsencrypt.org/directory
EOF
cat <<EOF | kubectl apply -f -
apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
name: che-tls
namespace: che
spec:
secretName: che-tls
issuerRef:
name: che-certificate-issuer
kind: ClusterIssuer
dnsNames:
- '*.xpresside.com'
acme:
config:
- dns01:
provider: route53
domains:
- '*.xpresside.com'
EOF
It produced this output:
It created DNS TXT entry in route53 and then it disappeared , i was not able to run the che build.
ACME DNS01 validation record propagated for "_acme-challenge.xpresside.com."
I1018 12:39:15.005333 1 sync.go:307] cert-manager/controller/challenges/acceptChallenge "level"=0 "msg"="accepting challenge with ACME server" "dnsName"="xpresside.com" "resource_kind"="Challenge" "resource_name"="che-tls-4211818486-0" "resource_namespace"="che" "type"="dns-01"
I1018 12:39:15.005356 1 logger.go:63] Calling AcceptChallenge
I1018 12:39:15.268953 1 sync.go:324] cert-manager/controller/challenges/acceptChallenge "level"=0 "msg"="waiting for authorization for domain" "dnsName"="xpresside.com" "resource_kind"="Challenge" "resource_name"="che-tls-4211818486-0" "resource_namespace"="che" "type"="dns-01"
I1018 12:39:15.268971 1 logger.go:78] Calling WaitAuthorization
I1018 12:39:16.727511 1 controller.go:198] cert-manager/controller/orders "level"=0 "msg"="syncing resource" "key"="che/che-tls-4211818486"
I1018 12:39:16.727681 1 sync.go:274] Need to create 0 challenges
I1018 12:39:16.727691 1 logger.go:43] Calling GetOrder
I1018 12:39:16.728711 1 controller.go:219] cert-manager/controller/challenges "level"=0 "msg"="finished processing work item" "key"="che/che-tls-4211818486-0"
I1018 12:39:16.728743 1 controller.go:213] cert-manager/controller/challenges "level"=0 "msg"="syncing resource" "key"="che/che-tls-4211818486-0"
I1018 12:39:16.819291 1 controller.go:167] cert-manager/controller/certificates "level"=0 "msg"="syncing resource" "key"="che/che-tls"
I1018 12:39:16.819800 1 issue.go:169] cert-manager/controller/certificates "level"=0 "msg"="Order is not in 'valid' state. Waiting for Order to transition before attempting to issue Certificate." "related_resource_kind"="Order" "related_resource_name"="che-tls-4211818486" "related_resource_namespace"="che" "resource_kind"="Certificate" "resource_name"="che-tls" "resource_namespace"="che"
My web server is (include version): we are trying to delpy eclipse che using kubernetes on aws
The operating system my web server runs on is (include version): MacOS
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know):
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you’re using Certbot):