Comments (4)
jar3b
commented on May 25, 2024
@ticruz38, hello, I have similar problem with cert-manager. If the problem was solved, can you explain the solution please?
from kube-lego.
cguethle
commented on May 25, 2024
It is attempting to talk to root domain servers to do DNS based verification for the certificate. If you have anything in the way of talking UDP you will encounter this problem. For us, we have corporate proxies for all outbound traffic that blocks UDP. Our solution was non-technical: we purchased a wildcard cert instead of using LE as it gives us a year vs manually registered LE cert of 90 days. Just easier. Ultimately, you need to ensure UDP traffic can traverse your network and get to acme-v01.api.letsencrypt.org. Hope this helps.
from kube-lego.
jar3b
commented on May 25, 2024
@cguethle thanks for advice! In my case problem was on Kubernetes (or Docker, or network config... idk) - UDP requests were too slow or there was no answer from NS server at all (I didn't understand, was the answer or not, too lazy to check this. for 10 seconds just was no response)
I solved this by modifying https://github.com/jetstack/cert-manager (i use it) code to failback to TCP if UDP reaches timeout. After all, wildcard LE issuance works well with TCP only.
from kube-lego.
ticruz38
commented on May 25, 2024
I ran the kubernetes cluster with kubeadm on Scaleway provider, this was a problem with the network settings, the master nodes could'nt talk to slaves via ssl, I had to override a kubelet variables but can't remember which one...
from kube-lego.
Related Issues (20)
- The tls-sni challenge has been disabled due to strong credibility of a vulnerability report HOT 4
- Adding heptio/contour support HOT 1
- Wildcard Certificate Support HOT 2
- Pull the complete certificate chain HOT 1
- Unsupported ingress class HOT 1
- renewal expiry date is incorrect HOT 1
- Support for Letsencrypt wildcard certificate HOT 1
- Let's Encrypt Wildcard Support HOT 9
- How safe is it to use Kube Lego in producation on v1.9+ of Kubernetes? HOT 2
- If one of the domains in an ingress fails reachability, kube-lego should not try to authorize any of the domains
- Pod kube-lego not starting HOT 4
- Does not seem to work on k8s 1.8.8-gke.0 HOT 6
- Failed to list *v1beta1.Ingress HOT 1
- creating new secret
- Auto-renewal of certificates is not being triggered in 0.1.6 HOT 2
- Memory Leak?
- kubernetes 1.10 on GCP cant create a GCE loadbalancer ingress without secret
- Add: kubernetes.io/tls-acme: 'true' annotation
- Archive the kube-lego repository
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from kube-lego.