Hello!
A couple of months ago we were banned because our cert-manager generated a lot of "bad" traffic.
Now I don't see the message about the ban, but I still can't figure out how to resolve the errors in the cluster issuer.
Could you please help me understand where the issue might be?
Errors:
Warning ErrInitIssuer 49m (x128 over 1d) cert-manager Error initializing issuer: Post https://acme-v02.api.letsencrypt.org/acme/acct/54901904: dial tcp: i/o timeout
Warning ErrInitIssuer 30m (x179 over 1d) cert-manager Error initializing issuer: Get https://acme-v02.api.letsencrypt.org/directory: dial tcp: i/o timeout
Warning ErrVerifyACMEAccount 22m (x181 over 1d) cert-manager Failed to verify ACME account: Get https://acme-v02.api.letsencrypt.org/directory: dial tcp: i/o timeout
Warning ErrVerifyACMEAccount 16m (x133 over 1d) cert-manager Failed to verify ACME account: Post https://acme-v02.api.letsencrypt.org/acme/acct/54901904: dial tcp: i/o timeout
Warning ErrInitIssuer 1m (x98977 over 2d) cert-manager-controller Error initializing issuer: Head : unsupported protocol scheme ""
Warning ErrVerifyACMEAccount 22s (x99063 over 2d) cert-manager-controller Failed to verify ACME account: Head : unsupported protocol scheme ""
Hello @JuergenAuer
I work in a company that supports Kubernetes clusters, and these errors are happening with one of our clients, but on other clusters everything is OK. The issue appeared when we had version 0.41 of cert-manager, and after an update to 0.71 it's still here.
We use a Helm chart that installs https://github.com/jetstack/cert-manager
Yes, it can talk with Let's Encrypt. I've checked availability with curl for the URLs that are mentioned in the error logs.
What is more interesting is that certificates continue to renew, but I see errors in the clusterissuer.
Example of domain name that we use here: freedom.conomy.ru
Pinging @munnerz, but they are not U.S.-based so you may not hear back for a while. I think this might be something with how you are using cert-manager/your environment... can you find the ACME error message you are receiving?
Another great place to go for help with cert-manager specifically is the Kubernetes Slack instance; there is a cert-manager channel.