Problem in cert-manager/challenges "error"="Unable to check the TXT record: ### Unexpected HTTP status: 422"

I was trying to generate a certificate for my domain and I got an issue:

cert-manager/challenges "msg"="re-queuing item due to error processing" "error"="Unable to check the TXT record: ### Unexpected HTTP status: 422"

I followed this to generate the SSL certificate for my domain, which is hosted on GoDaddy:

Secret
 
Create a Secret containing as key parameter the concatenation of the Godaddy Api and Secret separated by ":"
 
cat <<EOF > secret.yml
apiVersion: v1
kind: Secret
metadata:
  name: godaddy-api-key
type: Opaque
stringData:
  token: <GODADDY_API:GODADDY_SECRET>
EOF
 
Next, deploy it under the namespace where you would like to get your certificate/key signed by the ACME CA Authority
 
kubectl apply -f secret.yml -n prod
 
ClusterIssuer
 
Create a ClusterIssuer resource to specify the address of the ACME staging or production server to access. Add the DNS01 Solver Config that this webhook will use to communicate with the API of the Godaddy Server in order to create or delete an ACME Challenge TXT record that the DNS Provider will accept/refuse if the domain name exists.
 
cat <<EOF > clusterissuer.yml
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    # ACME Server
    # prod : https://acme-v02.api.letsencrypt.org/directory
    # staging : https://acme-staging-v02.api.letsencrypt.org/directory
    server: https://acme-v02.api.letsencrypt.org/directory
    # ACME Email address
    email: xyz@gmail.com
    privateKeySecretRef:
      name: letsencrypt-production # staging or production
    solvers:
    - selector:
        dnsNames:
        - '*.example.com'
      dns01:
        webhook:
          config:
            apiKeySecretRef:
              name: godaddy-api-key
              key: token
            production: true
            ttl: 600
          groupName: acme.mycompany.com
          solverName: godaddy
EOF
 
Next, install it on your kubernetes cluster
 
kubectl apply -f clusterissuer.yml -n prod
 
Next, for each of your domains where you need a signed certificate from the Let's Encrypt authority, create the following certificate
 
cat <<EOF > certificate.yml
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: wildcard-example-com
spec:
  secretName: wildcard-example-com-tls
  renewBefore: 240h
  dnsNames:
  - '*.example.com'
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer
EOF
 
Deploy it
 
kubectl apply -f certificate.yml -n prod

Did you fill the <> placeholders?

3 Likes

Yes, I filled them with appropriate data.

It looks like the GoDaddy API thinks it's malformed JSON; as we don't see the actual traffic, not sure why it thinks so.

2 Likes

We have already generated the certificate for two different domains and it is working fine for them, but when I create a new file for another domain it shows me 422.
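
The two checks raised in this thread (the KEY:SECRET token shape from the Secret step and the question about unfilled <> placeholders), as an added example that is not part of any post or of the webhook project: a shell pre-flight that classifies a bad token or manifest without printing its contents. The function names and result strings are hypothetical, and it assumes neither half of the token contains a colon.

```shell
#!/bin/sh
# Added example: offline pre-flight checks for the files built in this thread.
# Function names and result strings are hypothetical; nothing here calls
# kubectl or the GoDaddy API, and no secret value is ever printed.

nl=$(printf '\nx'); nl=${nl%x}    # a literal newline
tab=$(printf '\t')                # a literal tab

# check_token VALUE: prints "ok" or a problem class; returns 0 only for "ok".
# Assumption: neither the API key nor the secret contains ':' itself.
check_token() {
  case $1 in
    '')                      echo "empty"; return 1 ;;
    *'<'*|*'>'*)             echo "placeholder-brackets"; return 1 ;;
    *' '*|*"$tab"*|*"$nl"*)  echo "whitespace"; return 1 ;;
    *:*:*)                   echo "multiple-colons"; return 1 ;;
    :*|*:)                   echo "empty-key-or-secret"; return 1 ;;
    *:*)                     echo "ok"; return 0 ;;
    *)                       echo "no-colon"; return 1 ;;
  esac
}

# check_manifest FILE: prints one problem class per finding; returns 1 if any.
# Uses grep -q so matching lines (which may hold credentials) stay off screen.
check_manifest() {
  rc=0
  # A heredoc terminator that ended up as file content, e.g. "EOF apiVersion: ..."
  if grep -qE '(^|[[:space:]])EOF([[:space:]]|$)' "$1"; then
    echo "stray-heredoc-marker"; rc=1
  fi
  # Template text such as <SOMETHING> that was never replaced.
  if grep -qE '<[A-Za-z_:]+>' "$1"; then
    echo "unfilled-placeholder"; rc=1
  fi
  return $rc
}

# Constructed sample input, not a real credential.
check_token 'abc123:def456'    # prints: ok
```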
