'what does "Issuing certificate as Secret does not exist" error mean when using cert manager to add ssl to my domain in k8s

I tried setting ssl to my domain with cert manager in k8s.

Firstly, I created 2 services and applied the ingress, so that I can access my service with http request.

Then I installed cert-manager with yml file

$ kubectl apply -f https://github.com/jetstack/cert-manager/releases/latest/download/cert-manager.yaml

After that, I set up the issuer and certificate

apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: letsencrypt-staging
  namespace: default
spec:
  acme:
    # Staging API
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    email: [email protected]
    privateKeySecretRef:
      name: letsencrypt-staging
    solvers:
    - selector: {}
      http01:
        ingress:
          class: nginx

---

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: miniapi-staging
  namespace: default
spec:
  secretName: miniapi-staging-certificate
  issuerRef:
    name: letsencrypt-staging
  commonName: xx1.xx.xxx
  dnsNames:
  - xx1.xx.xxx
  - xx2.xx.xxx

I described Certificate, it showed me

Issuing certificate as Secret does not exist

Then I described challenge, it showed me some pending error

Waiting for HTTP-01 challenge propagation: failed to perform self check GET request 'http://xxx.xxx.xx/.well-known/acme-challenge/AsGBYEbUD8VRYoJsXQQu5b0ntGSS5quq2M7kRx0sFZs': Get "http://xx.xxx.xx/.well-known/acme-challenge/AsGBYEbUD8VRYoJsXQQu5b0ntGSS5quq2M7kRx0sFZs": EOF

And I checked the url above is valid, it showed me one ong line string(I have modified the real urls).

I tried so many times but it's the same error, so what am I doing wrong, hope some one could save me from this.

BTW k8s is so hard to learn, how do you guys learn it 🥲

sslkubernetescert-manager


Solution 1:[1]

That message means that cert-manager can see that you have requested a Certificate and it doesn't have one already so it needs to create (issue) one for you.

As for why the issuance is stuck on the self-check, confirm that retrieving that URL works from inside the cluster, as well as from outside.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 coderanger

Related Questions

Secure cookies flag always getting lost in first session after resetting IIS

Solving sslv3 alert handshake failure when trying to use a client certificate

Nginx the event was not signaled for 5s

Getting error "403 - Forbidden: Access is denied" on browser when user is NOT administrator

Disable SSLHandshakeException for a single connection

How to fix ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1056)?

tls unsigned certificate when using terraform

Library not loaded: /opt/local/lib/libssl.1.0.0.dylib (LoadError)

SSL certificate error for IE users only

Mongodb SSL - unable to get issuer certificate

Where can I find the WAMP error log?

How to convert certificate from PEM to JKS?

CondaHTTPError: HTTP 000 CONNECTION FAILED for url - Anaconda

Getting Chrome to accept self-signed localhost certificate

"ssl module in Python is not available" when installing package with pip3