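I am creating a ClusterIssuer and a Certificate. However, there is no tls.crt in the secret! What am I doing wrong?
The ClusterIssuer looks like it is running fine, but neither of the keys has the crt.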
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-myapp-clusterissuer
  namespace: cert-manager
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: [email protected]
    privateKeySecretRef:
      name: wildcard-myapp-com
    solvers:
    - dns01:
        cloudDNS:
          serviceAccountSecretRef:
            name: clouddns-service-account
            key: dns-service-account.json
          project: app
      selector:
        dnsNames:
        - '*.myapp.com'
        - myapp.com
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: myapp-com-tls
  namespace: cert-manager
spec:
  secretName: myapp-com-tls
  issuerRef:
    name: letsencrypt-myapp-issuer
    kind: ClusterIssuer
  commonName: '*.myapp.com'
  dnsNames:
  - 'myapp.com'
  - '*.myapp.com'

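Reply from a uj5u.com user:
It is hard to troubleshoot this issue with the information provided; you may have run into this bug.
You can start troubleshooting this kind of problem by following this procedure:
- Get the certificate request name: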
kubectl -n <namespace> describe certificate myapp-com-tls
...
Created new CertificateRequest resource "myapp-com-tls-xxxxxxx"
- The request generates an order; get the order name with the command:
kubectl -n <namespace> describe certificaterequests myapp-com-tls-xxxxxxx
…
Created Order resource <namespace>/myapp-com-tls-xxxxxxx-xxxxx
- The order will generate a challenge resource; get it with:
kubectl -n <namespace> describe order myapp-com-tls-xxxxxxx-xxxxx
…
Created Challenge resource "myapp-com-tls-xxxxxxx-xxxxx-xxxxx" for domain "yourdomain.com"
- Finally, using the challenge name, you can get the validation status of the certificate:
kubectl -n <namespace> describe challenges myapp-com-tls-xxxxxxx-xxxxx-xxxxx
...
Reason: Successfully authorized domain
...
Normal Started 2m45s cert-manager Challenge scheduled for processing
Normal Presented 2m45s cert-manager Presented challenge using http-01 challenge mechanism
Normal DomainVerified 2m22s cert-manager Domain "yourdomain.com" verified with "http-01" validation
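If the status of the challenge is not DomainVerified, then something went wrong while requesting the certificate from Let's Encrypt, and you will see the reason in the output.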
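
The four describe steps in the answer above can be chained in one script. This is an added example, not part of the original answer; the function names `next_resource` and `walk_chain` are hypothetical, and it assumes the event messages use the "Created ... resource" wording shown in the answer's sample output.

```shell
#!/usr/bin/env bash
# Added example (not from the original answer): follow the chain
# Certificate -> CertificateRequest -> Order -> Challenge automatically.
# Assumption: event messages use the "Created ... resource" wording quoted
# in the answer above; other cert-manager versions may word them differently.

# next_resource KIND: read `kubectl describe` output on stdin and print the
# name from the latest 'Created [new] KIND resource ...' event, if any.
next_resource() {
  sed -n -E "s/.*Created (new )?$1 resource \"?([^\" ]+)\"?.*/\2/p" |
    tail -n 1 | sed 's|.*/||'   # Order events carry a "<namespace>/" prefix
}

# walk_chain NAMESPACE CERTIFICATE: returns 0 if the challenge reports
# DomainVerified, 1 if the chain stops early or is not verified, 2 on a
# kubectl error.
walk_chain() {
  local ns="$1" name="$2" kind=certificate next out
  for next in CertificateRequest Order Challenge; do
    out=$(kubectl -n "$ns" describe "$kind" "$name") || return 2
    name=$(printf '%s\n' "$out" | next_resource "$next")
    if [ -z "$name" ]; then
      echo "No $next creation event found; events of the $kind:"
      printf '%s\n' "$out" | sed -n '/^Events:/,$p'
      return 1
    fi
    echo "$next: $name"
    kind=$(printf '%s' "$next" | tr '[:upper:]' '[:lower:]')
  done
  # Final step: the Challenge's Reason and events hold the validation result
  # or the error reported during validation.
  out=$(kubectl -n "$ns" describe challenge "$name") || return 2
  printf '%s\n' "$out" | sed -n -e '/Reason:/p' -e '/^Events:/,$p'
  printf '%s\n' "$out" | grep -q 'DomainVerified'
}

# Usage: ./walk-chain.sh <namespace> <certificate-name>
if [ "$#" -eq 2 ]; then
  walk_chain "$1" "$2"
fi
```

Kubernetes events expire (by default after one hour), so a missing "Created" event can also mean it has aged out; in that case list the resources directly with `kubectl -n <namespace> get certificaterequests,orders,challenges`.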
