Hi,
I have been playing with kubernetes in an attempt to 1-learn, 2- re-deploy my internal services to it via code and 3- gain HA for a couple weeks on and off. I started by using example code I found online and deployed cert-bot and used my domain name with the letsencrypt-prod URL before I knew what happened in the background.
For the first couple days it just stood there without a dns or port forward from my router and now I find myself entirely unable to redeploy cert-manager properly as I am getting a ACME server URL host and ACME private key registration host differ. Re-checking ACME account registration
then error setting up issuer" "error"="context deadline exceeded"
.
From what I understand, I may have been blocked due to either too many failed retries or just the fact that I waited for a while for the actual set up to be proper.
Any help getting me unblocked would be appreciated!
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: delisle.me
I ran this command: tried to create a clusterissuer (so many times now...) with cert-manager
It produced this output:
[certmanager-cert-manager-6bbf497f67-wlcxm] I0428 04:17:12.881210 1 setup.go:111] cert-manager/clusterissuers "msg"="generating acme account private key" "related_resource_kind"="Secret" "related_resource_name"="letsencrypt-prod-delisle" "related_resource_namespace"="gitlab-managed-apps" "resource_kind"="ClusterIssuer" "resource_name"="letsencrypt-prod" "resource_namespace"="" "resource_version"="v1"
[certmanager-cert-manager-6bbf497f67-wlcxm] I0428 04:17:13.285677 1 setup.go:219] cert-manager/clusterissuers "msg"="ACME server URL host and ACME private key registration host differ. Re-checking ACME account registration" "related_resource_kind"="Secret" "related_resource_name"="letsencrypt-prod-delisle" "related_resource_namespace"="gitlab-managed-apps" "resource_kind"="ClusterIssuer" "resource_name"="letsencrypt-prod" "resource_namespace"="" "resource_version"="v1"
[certmanager-cert-manager-6bbf497f67-wlcxm] E0428 04:17:22.882487 1 setup.go:259] cert-manager/clusterissuers "msg"="failed to register an ACME account" "error"="context deadline exceeded" "related_resource_kind"="Secret" "related_resource_name"="letsencrypt-prod-delisle" "related_resource_namespace"="gitlab-managed-apps" "resource_kind"="ClusterIssuer" "resource_name"="letsencrypt-prod" "resource_namespace"="" "resource_version"="v1"
[certmanager-cert-manager-6bbf497f67-wlcxm] I0428 04:17:22.882564 1 conditions.go:95] Setting lastTransitionTime for Issuer "letsencrypt-prod" condition "Ready" to 2022-04-28 04:17:22.882532633 +0000 UTC m=+218.472196690
[certmanager-cert-manager-6bbf497f67-wlcxm] E0428 04:17:22.882669 1 sync.go:60] cert-manager/clusterissuers "msg"="error setting up issuer" "error"="context deadline exceeded" "resource_kind"="ClusterIssuer" "resource_name"="letsencrypt-prod" "resource_namespace"="" "resource_version"="v1"
[certmanager-cert-manager-6bbf497f67-wlcxm] E0428 04:17:22.885361 1 controller.go:163] cert-manager/clusterissuers "msg"="re-queuing item due to error processing" "error"="context deadline exceeded" "key"="letsencrypt-prod"
My web server is (include version): ingress-nginx (latest)
The operating system my web server runs on is (include version): deployed via helm
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know): no, it's deployed via helm in kubernetes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you're using Certbot):