Unable to create clusterissuer with cert-manager


I have been playing with Kubernetes in an attempt to 1) learn, 2) re-deploy my internal services to it via code and 3) gain HA, for a couple of weeks on and off. I started by using example code I found online and deployed cert-bot and used my domain name with the letsencrypt-prod URL before I knew what happened in the background.

For the first couple of days it just stood there without a DNS or port forward from my router, and now I find myself entirely unable to redeploy cert-manager properly, as I am getting "ACME server URL host and ACME private key registration host differ. Re-checking ACME account registration" and then "error setting up issuer" "error"="context deadline exceeded".

From what I understand, I may have been blocked due to either too many failed retries or just the fact that I waited for a while for the actual setup to be proper.

Any help getting me unblocked would be appreciated!

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: delisle.me

I ran this command: tried to create a clusterissuer (so many times now...) with cert-manager

It produced this output:

[certmanager-cert-manager-6bbf497f67-wlcxm] I0428 04:17:12.881210       1 setup.go:111] cert-manager/clusterissuers "msg"="generating acme account private key" "related_resource_kind"="Secret" "related_resource_name"="letsencrypt-prod-delisle" "related_resource_namespace"="gitlab-managed-apps" "resource_kind"="ClusterIssuer" "resource_name"="letsencrypt-prod" "resource_namespace"="" "resource_version"="v1"
[certmanager-cert-manager-6bbf497f67-wlcxm] I0428 04:17:13.285677       1 setup.go:219] cert-manager/clusterissuers "msg"="ACME server URL host and ACME private key registration host differ. Re-checking ACME account registration" "related_resource_kind"="Secret" "related_resource_name"="letsencrypt-prod-delisle" "related_resource_namespace"="gitlab-managed-apps" "resource_kind"="ClusterIssuer" "resource_name"="letsencrypt-prod" "resource_namespace"="" "resource_version"="v1"
[certmanager-cert-manager-6bbf497f67-wlcxm] E0428 04:17:22.882487       1 setup.go:259] cert-manager/clusterissuers "msg"="failed to register an ACME account" "error"="context deadline exceeded" "related_resource_kind"="Secret" "related_resource_name"="letsencrypt-prod-delisle" "related_resource_namespace"="gitlab-managed-apps" "resource_kind"="ClusterIssuer" "resource_name"="letsencrypt-prod" "resource_namespace"="" "resource_version"="v1"
[certmanager-cert-manager-6bbf497f67-wlcxm] I0428 04:17:22.882564       1 conditions.go:95] Setting lastTransitionTime for Issuer "letsencrypt-prod" condition "Ready" to 2022-04-28 04:17:22.882532633 +0000 UTC m=+218.472196690
[certmanager-cert-manager-6bbf497f67-wlcxm] E0428 04:17:22.882669       1 sync.go:60] cert-manager/clusterissuers "msg"="error setting up issuer" "error"="context deadline exceeded" "resource_kind"="ClusterIssuer" "resource_name"="letsencrypt-prod" "resource_namespace"="" "resource_version"="v1"
[certmanager-cert-manager-6bbf497f67-wlcxm] E0428 04:17:22.885361       1 controller.go:163] cert-manager/clusterissuers "msg"="re-queuing item due to error processing" "error"="context deadline exceeded" "key"="letsencrypt-prod"

My web server is (include version): ingress-nginx (latest)

The operating system my web server runs on is (include version): deployed via helm

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): no, it's deployed via helm in kubernetes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
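
An added example, not part of the original post and not cert-manager's own code: a small Python triage of klog lines like the ones in the output above, separating errors where the ACME request did not complete within the client's deadline (such as "context deadline exceeded") from errors where the CA answered with an RFC 8555 problem type such as `rateLimited`. The first two sample lines are abridged from the log above; the third line and the names `triage`, `classify` and `SAMPLE` are constructed for illustration.

```python
import re

# klog header, with the optional "[pod-name]" prefix seen in the post's output.
HEADER = re.compile(
    r'^(?:\[[^\]]+\]\s+)?(?P<sev>[IWEF])\d{4} [\d:.]+\s+\d+ (?P<src>[^\]]+)\] (?P<rest>.*)$')
PAIR = re.compile(r'"(\w+)"="((?:[^"\\]|\\.)*)"')

# Substrings meaning the HTTP request never completed (no ACME answer at all).
TRANSPORT = ("context deadline exceeded", "i/o timeout", "no such host",
             "connection refused")
ACME_URN = "urn:ietf:params:acme:error:"  # RFC 8555 problem-type prefix

def classify(sev, error):
    if error is None:
        return "info" if sev == "I" else "other"
    if any(s in error for s in TRANSPORT):
        return "transport"      # check pod egress, DNS, proxy, firewall
    if ACME_URN + "rateLimited" in error:
        return "rate_limited"   # the CA answered and refused
    if ACME_URN in error:
        return "acme_error"     # the CA answered with another problem
    return "other"

def triage(log_text):
    """Return (source, category, msg) for each parseable klog line."""
    out = []
    for line in log_text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue
        kv = dict(PAIR.findall(m["rest"]))
        out.append((m["src"], classify(m["sev"], kv.get("error")), kv.get("msg")))
    return out

# Sample input: lines 1-2 abridged from the post's log, line 3 constructed
# (timestamp and error text invented) to show a rate-limit answer for contrast.
SAMPLE = '''\
[certmanager-cert-manager-6bbf497f67-wlcxm] I0428 04:17:13.285677       1 setup.go:219] cert-manager/clusterissuers "msg"="ACME server URL host and ACME private key registration host differ. Re-checking ACME account registration" "resource_name"="letsencrypt-prod"
[certmanager-cert-manager-6bbf497f67-wlcxm] E0428 04:17:22.882487       1 setup.go:259] cert-manager/clusterissuers "msg"="failed to register an ACME account" "error"="context deadline exceeded" "resource_name"="letsencrypt-prod"
E0428 04:20:00.000000       1 setup.go:259] cert-manager/clusterissuers "msg"="failed to register an ACME account" "error"="429 urn:ietf:params:acme:error:rateLimited: too many registrations" "resource_name"="letsencrypt-prod"
'''

if __name__ == "__main__":
    for src, cat, msg in triage(SAMPLE):
        print(f"{cat:12} {src:16} {msg}")
```

Only the constructed third line lands in `rate_limited`; the error abridged from the post's log is classified as `transport`.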
