问题描述
我正在尝试使用 HTTP 质询验证通过 cert-manager 为我的 Kubernetes 集群颁发证书。但是,出于某种原因,质询命令尝试使用未配置的 dns-01 验证器。
我试图找出不同的配置,再次删除和安装 cert-manager,但没有任何帮助。它正在从其他 Acme 客户端运行。
我正在使用 cert-manager v1.2.0。
这是我使用 ClusterIssuer 求解器的 http-01:
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
Metadata:
name: clusterissuer-test-acme
#namespace: default
spec:
acme:
server: https://lab03.test.com:8432/acme/directory
# Email address used for Acme registration
email: k8s-security-team@example.org
# Name of a secret used to store the Acme account private key
privateKeySecretRef:
name: issuer-acme-secret
# Enable HTTP01 validations
solvers:
# An empty 'selector' means that this solver matches all domains
- selector: {}
http01:
ingress:
class: public
这是我要颁发的证书:
apiVersion: cert-manager.io/v1
kind: Certificate
Metadata:
name: cert-lab05-test-com
namespace: default
spec:
secretName: cert--secret-lab05-test-com
renewBefore: 365h # 15d
issuerRef:
name: clusterissuer-test-acme
kind: ClusterIssuer
commonName: lab05.test.com
dnsNames:
- lab05.test.com
我收到以下错误:
Status:
Authorizations:
Challenges:
Token: QHYyjqayGWufzC6kz313UwkUvRillXZWdBgoEVKyfe83w32SXvaSgkxvYJEKUViVM884eQAAAXnDf-lT
Type: dns-01
URL: https://lab03.test.com:8432/acme/authz/yFwhSs9x3y4UcyPxCTXHfsSKhhpD1AAAAXnDf-lT/2
Identifier: lab05.test.com
Initial State: pending
URL: https://lab03.test.com:8432/acme/authz/yFwhSs9x3y4UcyPxCTXHfsSKhhpD1AAAAXnDf-lT
Wildcard: false
Finalize URL: https://lab03.test.com:8432/acme/order/c3a10096-ad3a-4e48-9160-f4d39a617299-7/finalize
State: pending
URL: https://lab03.test.com:8432/acme/order/c3a10096-ad3a-4e48-9160-f4d39a617299-7
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Warning Solver 5m9s cert-manager Failed to determine a valid solver configuration for the set of domains on the Order: no configured challenge solvers can be used for this challenge
我不明白为什么挑战类型是 dns-01,而根据 http-01 设置应该是 ClusterIssuer。
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)