Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: cert.prd.yoda.yogiyo.co.kr
I ran this command:
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
namespace: yoda-prd
name: yoda-prd-issuer
labels:
service: yoda
spec:
acme:
email: choonho.shin@deliveryhero.co.kr
server: https://acme-staging-v02.api.letsencrypt.org/directory
privateKeySecretRef:
name: yoda-prd-issuer-secret-staging
solvers:
- selector: {}
dns01:
cloudDNS:
project: dhk-d-resto
serviceAccountSecretRef:
name: clouddns-dns01-solver-svc-acct
key: key.json
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
namespace: yoda-prd
name: yoda-ingress-prd
labels:
service: yoda
env: prd
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
kubernetes.io/ingress.class: "nginx"
cert-manager.io/issuer: "yoda-prd-issuer"
spec:
tls:
- hosts:
- "*.yoda.yogiyo.co.kr"
secretName: yoda-prd-issuer-secret-staging
rules:
- host: cert.prd.yoda.yogiyo.co.kr
http:
paths:
- path: /
backend:
serviceName: yoda-frontend-svc
servicePort: yoda-fs-port
It produced this output:
> k describe issuer yoda-prd-issuer
Name: yoda-prd-issuer
Namespace: yoda-prd
Labels: service=yoda
Annotations: API Version: cert-manager.io/v1
Kind: Issuer
Metadata:
Creation Timestamp: 2020-10-15T07:49:22Z
Generation: 1
Resource Version: 2076683
Self Link: /apis/cert-manager.io/v1/namespaces/yoda-prd/issuers/yoda-prd-issuer
UID: 7dec6b6d-4649-47a1-98b7-081ca90c548c
Spec:
Acme:
Email: choonho.shin@deliveryhero.co.kr
Preferred Chain:
Private Key Secret Ref:
Name: yoda-prd-issuer-secret-staging
Server: https://acme-staging-v02.api.letsencrypt.org/directory
Solvers:
dns01:
Cloud DNS:
Project: dhk-d-resto
Service Account Secret Ref:
Key: key.json
Name: clouddns-dns01-solver-svc-acct
Selector:
Status:
Acme:
Last Registered Email: choonho.shin@deliveryhero.co.kr
Uri: https://acme-staging-v02.api.letsencrypt.org/acme/acct/16125294
Conditions:
Last Transition Time: 2020-10-15T07:49:23Z
Message: The ACME account was registered with the ACME server
Reason: ACMEAccountRegistered
Status: True
Type: Ready
Events: <none>
> k describe certificate yoda-prd-issuer-secret-staging
Name: yoda-prd-issuer-secret-staging
Namespace: yoda-prd
Labels: env=prd
service=yoda
Annotations: <none>
API Version: cert-manager.io/v1
Kind: Certificate
Metadata:
Creation Timestamp: 2020-10-15T07:49:22Z
Generation: 1
Owner References:
API Version: extensions/v1beta1
Block Owner Deletion: true
Controller: true
Kind: Ingress
Name: yoda-ingress-prd
UID: c2d9c16c-1b7c-4b18-824f-1feb169cde5e
Resource Version: 2076672
Self Link: /apis/cert-manager.io/v1/namespaces/yoda-prd/certificates/yoda-prd-issuer-secret-staging
UID: d805601b-7342-42d3-9494-bdff68eb81de
Spec:
Dns Names:
*.yoda.yogiyo.co.kr
Issuer Ref:
Group: cert-manager.io
Kind: Issuer
Name: yoda-prd-issuer
Secret Name: yoda-prd-issuer-secret-staging
Status:
Conditions:
Last Transition Time: 2020-10-15T07:49:22Z
Message: Issuing certificate as Secret does not contain a certificate
Reason: MissingData
Status: True
Type: Issuing
Last Transition Time: 2020-10-15T07:49:22Z
Message: Issuing certificate as Secret does not contain a certificate
Reason: MissingData
Status: False
Type: Ready
Next Private Key Secret Name: yoda-prd-issuer-secret-staging-h6xzz
Events: <none>
> k describe challenge yoda-prd-issuer-secret-staging-s7mdm-3658250181-2121561333
Name: yoda-prd-issuer-secret-staging-s7mdm-3658250181-2121561333
Namespace: yoda-prd
Labels: <none>
Annotations: <none>
API Version: acme.cert-manager.io/v1
Kind: Challenge
Metadata:
Creation Timestamp: 2020-10-15T07:49:25Z
Finalizers:
finalizer.acme.cert-manager.io
Generation: 1
Owner References:
API Version: acme.cert-manager.io/v1
Block Owner Deletion: true
Controller: true
Kind: Order
Name: yoda-prd-issuer-secret-staging-s7mdm-3658250181
UID: bb07fb3b-c2f1-4dea-a62e-b8bc2f583d95
Resource Version: 2076733
Self Link: /apis/acme.cert-manager.io/v1/namespaces/yoda-prd/challenges/yoda-prd-issuer-secret-staging-s7mdm-3658250181-2121561333
UID: 59a0bb03-0ee3-46f1-b680-7fdedb91c272
Spec:
Authorization URL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/133106301
Dns Name: yoda.yogiyo.co.kr
Issuer Ref:
Group: cert-manager.io
Kind: Issuer
Name: yoda-prd-issuer
Key: 6ncRJlSeDlEwdh5_Q54gsqYOrVuEHqcGZ0uGgp7_7_4
Solver:
dns01:
Cloud DNS:
Project: dhk-d-resto
Service Account Secret Ref:
Key: key.json
Name: clouddns-dns01-solver-svc-acct
Selector:
Token: S_w5tDGC-Mx4-5PCHKfxg_Xi-hOD7qVjTTwLFhPowc8
Type: DNS-01
URL: https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/133106301/-Z08LA
Wildcard: true
Status:
Presented: true
Processing: true
Reason: Waiting for DNS-01 challenge propagation: DNS record for "yoda.yogiyo.co.kr" not yet propagated
State: pending
Events: <none>
My web server is (include version): nginx:1.19-alpine in GKE
The operating system my web server runs on is (include version): nginx:1.19-alpine in GKE
My hosting provider, if applicable, is: GKE
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you're using Certbot): cert-manager 1.03
What am I doing wrong?