Comments (7)
speedyflipper
commented on May 26, 2024
I'm seeing this error as well
from cert-manager.
prashant-shahi
commented on May 26, 2024
Encountered it again.
Certificate status:
status:
conditions:
- lastTransitionTime: '2023-12-08T04:31:05Z'
message: Issuing certificate as Secret does not exist
observedGeneration: 1
reason: DoesNotExist
status: 'True'
type: Issuing
- lastTransitionTime: '2023-12-08T04:31:05Z'
message: Issuing certificate as Secret does not exist
observedGeneration: 1
reason: DoesNotExist
status: 'False'
type: Ready
nextPrivateKeySecretName: test.redacted.com-tls-smlvs
from cert-manager.
speedyflipper
commented on May 26, 2024
I'm seeing this error as well
The issue for me was that Cloudflare was flagging the challenges as a bot and was blocking them.
from cert-manager.
jonathanribas
commented on May 26, 2024
We are running Cert Manager 1.13.3 (same issue with 1.13.1) on Kubernetes 1.28 (EKS).
We had to create a CAA record on our DNS zone to create new certificates or renew existing ones.
Still investigating why we had to do so, it was working correctly in the past.
from cert-manager.
chrxmvtik
commented on May 26, 2024
I'm seeing this error as well
The issue for me was that Cloudflare was flagging the challenges as a bot and was blocking them.
Could you tell, how you managed to get it fixed? I was searching cloudflare panel for some requests that were flagged as a bot, but didn't find anything.
from cert-manager.
speedyflipper
commented on May 26, 2024
I'm seeing this error as well
The issue for me was that Cloudflare was flagging the challenges as a bot and was blocking them.
Could you tell, how you managed to get it fixed? I was searching cloudflare panel for some requests that were flagged as a bot, but didn't find anything.
After selecting the site, Security then Events. You should see a list of everything blocked.
I added an IP Access Tool Rule under Security-WAF, that allows any connection from my server's IP address. I wish there was a way to automate this. I know I'm going to forget the next time the ISP changes my IP
from cert-manager.
chrxmvtik
commented on May 26, 2024
I'm seeing this error as well
The issue for me was that Cloudflare was flagging the challenges as a bot and was blocking them.
Could you tell, how you managed to get it fixed? I was searching cloudflare panel for some requests that were flagged as a bot, but didn't find anything.
After selecting the site, Security then Events. You should see a list of everything blocked.
I added an IP Access Tool Rule under Security-WAF, that allows any connection from my server's IP address. I wish there was a way to automate this. I know I'm going to forget the next time the ISP changes my IP
None of above worked, but when I removed a _acme-challenge TXT record it successfully validated the challenge and everything worked lol.
Weird behaviour, I had this set up for 2 years and it worked like a charm until today.
from cert-manager.
Related Issues (20)
- Update Certificate API definition on key length
- Intermediate certificate is not updated in child certificates
- ImagePullBackOff error Failed to pull image "quay.io/jetstack/cert-manager-controller:v1.13.3": x509: certificate signed by unknown authority HOT 2
- Add TLS support for /metrics prometheus server HOT 1
- Make Service Port and Webhook Service Port Configurable in Helm Chart
- Add documentation for istio-csr and ingress with istio
- DNS01 challenge propagation check failed HOT 1
- Attempting to update Cert-Manager through TrueNAS via TrueCharts repository HOT 10
- api server request get through the proxy in cert manager HOT 2
- Warn users not to use insecure TSIG algorithms when using DNS UPDATE and ACME DNS01
- Consolidate duplicate functions: `RandStringRunes` and `RandStringBytes`
- `global.logLevel` is not documented in the Helm README file HOT 1
- Release cert-manager v1.14.0
- Waiting for DNS-01 challenge propagation: DNS record for 'hmccloud.com' not yet propagated.
- The startupapicheck image isn't published to quay.io, so the standard Helm install fails. HOT 1
- Cert manager not retrying after initial issuance is failed
- Add the ability to communicate with Vault via mTLS when strict client certificates is enabled at Vault server side
- HTTP01 Config Map Challenge Flow
- Certificate Issue in Bare metal server - http01 HOT 1
- [release-1.14-alpha] Certificate is not renewed when changing OtherName/ NameConstraints HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cert-manager.