Questions tagged [cert-manager]
29 questions
5
votes
1 answer
Deleting all instances of resource type across multiple/all Kubernetes namespaces
I'm trying to uninstall and reinstall cert-manager on our Kubernetes clusters. Their uninstall docs mention:
Before continuing, ensure that all cert-manager resources that have
been created by users have been deleted. You can check for any
existing…
Martijn Heemels
- 7,998
3
votes
2 answers
Kubernetes Nginx Ingress and cert-manager Waiting for HTTP-01 challenge propagation: wrong status code '401', expected '200'
I'm having issues with my Raspberry Pi kubernetes implementation
Problem:
I have cert-manager letsencrypt ACME challenge waiting due to a 401 error code on bare metal kubernetes install.
Setup
Platform: Raspberry Pi 4
OS: Ubuntu Server 20.04.3 LTS 64…
Llewyn S
- 41
1
vote
1 answer
How to debug certmanager's complaint about receiving the wrong HTTP response
I've got a small k3s cluster in my home hosting a few websites and local applications. For the most part, I've been able to wrangle it to host a variety of services, but the LetsEncrypt functionality has never worked very well for me. When it has…
Daniel Quinn
- 725
1
vote
1 answer
cert-manager Certificate.spec.secretTemplate is not updating annotations on the output secret
I recently needed to share a tls configuration between two different namespaces, looking at the docs I saw that you can use reflector to sync secrets between namespaces. I copy/pasted the documented code from the docs to set this up, however the…
Marcus Ruddick
- 121
- 5
1
vote
2 answers
kubernetes cert-manager failing with certificate chain is malformed or broken
I have set up cert-manager to sign the certificate with the private CA issuer. The private CA secret is set up correctly and before adding to the TLS secret I have verified the chain with OpenSSL verify command and they all verify to the root…
appcoder
- 91
1
vote
2 answers
How to Delete CRL Files in Local Cert Store
I need to import CRL files to a Bastion server that is not part of my environments domain. The CRL files are updated every few days so a new copy needs to be imported to the local cert store on the Bastion frequently.
I noticed when I do a fresh…
jrd1989
- 728
- 4
- 24
- 55
1
vote
1 answer
Kubernetes Nginx Ingress could not load custom certificate from cert-manager
I am using cert-manager with this custom wildcard certificate
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-myapp-issuer
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email:…
Rodrigo
- 75
1
vote
2 answers
How do you resolve to both public and private zones in a Split-Horizon DNS (using GCP Cloud DNS)?
We're using GCP and Cloud DNS to manage our domain and I'm trying to solve for these use cases:
Have private records for things like Databases that can only be resolved within the company network (our VPC).
Override public records with private IPs…
James
- 113
- 5
1
vote
1 answer
Kubernetes Cert-Manager Expired Certificates
I inherited a GKE Kubernetes environment and have been trying to figure this out for days but unfortunately just don't know what to try next.
The cluster is set up to use cert-manager (installed via helm) to apply Let's Encrypt certificates to the…
Steven Carlton
- 111
1
vote
0 answers
AKS Certificate Manager upgrade w/ namespace change - Wrong cert-manager hook ID
Recently, we uninstalled our cert manager and reinstalled it into a new namespace.
There were no issues with the uninstall / reinstall of the cert manager. When we tried to create a new certificate issuer, the cert manager is unable to…
Brennan Mann
- 133
1
vote
1 answer
check that a DNS record exists for this domain
I have the following ingress manifest file:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  namespace: fsm
  name: fsm
  labels:
    app: fsm
  annotations:
    kubernetes.io/ingress.class: nginx
    …
DobreMihaela
- 81
0
votes
0 answers
creating manifest failed: ambassador/cloudflare-ambassador-wcard failed to create kubernetes rest client for update of resource
I am working on a new K8s cluster with Terraform, and having problems installing certificate issuer.
Here is my current setup.
sealed-secrets.tf:
# helm repo add sealed-secrets https://bitnami-labs.github.io/sealed-secrets && helm repo…
Alex A.
- 101
0
votes
1 answer
In kubernetes: protect a program that runs on port 3000 using Traefik, Cert Manager, and http challenge
Hello and thank you for your time. I will try to explain what is my experiment.
In kubernetes I have an app deployed. I can reach it with a load balancer. And using traefik I can reach it via http. I would like to reach it via Https. To achieve that…
Malkavian
- 339
- 1
- 5
- 18
0
votes
0 answers
Why is Kubernetes Vault ClusterIssuer reusing/reissuing revoked certificate?
I have set up Vault inside kubernetes, and a ClusterIssuer that works as expected.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: vault-cluster-issuer
  namespace: cert-manager
spec:
  vault:
    path: pki/sign/my-issuer
    …
Anders Bornholm
- 119
0
votes
0 answers
Cert-Manager fails renewal of certificates with "SERVFAIL"
I am running a small K3S cluster and I use Cert-Manager to issue Let's Encrypt certificates to the applications running in my cluster.
The cluster was installed via Ansible and the initial generation of certificates worked fine, but for some odd…
Lasse Michael Mølgaard
- 1,293