cert-manager-webhook-regru

domain_name not given or empty

Open huziahmetovsv opened this issue 2 years ago • 4 comments

Hi. Tried to issue a wildcard certificate with this manifest:

- apiVersion: cert-manager.io/v1
  kind: Certificate
  metadata:
    name: wildcard-infra-example-com
  spec:
    secretName: wildcard-infra-example-com-secret
    issuerRef:
      name: regru-dns
      kind: ClusterIssuer
    dnsNames:
      # Quoted: a bare leading * is parsed by YAML as an alias
      - "*.infra.example.com"

But in the pod log I see this URL: api.reg.ru/api/regru2/zone/add_txt?input_data=%7B%22username%22%3A%22my_regru_user%22%2C%22password%22%3A%22smy_regru_password%22%2C%22domains%22%3A%5B%7B%22dname%22%3A%22%22%7D%5D%2C%22subdomain%22%3A%22_acme-challenge.infra.example.com.%22%2C%22text%22%3A%22CIFuiEULSPsSYQIemqFM0-dAreebSWy-LdWUw_QoMzw%22%2C%22output_content_type%22%3A%22plain%22%7D&input_format=json

And the error response from the API:

{
   "answer" : {
      "domains" : [
         {
            "error_code" : "NO_DOMAIN",
            "error_text" : "domain_name not given or empty",
            "result" : "error"
         }
      ]
   },
   "charset" : "utf-8",
   "messagestore" : null,
   "result" : "success"
}

As I understand from the API docs, my URL format is wrong; it should be api.reg.ru/api/regru2/zone/add_txt?input_data=%7B%22username%22%3A%22test%22%2C%22password%22%3A%22test%22%2C%22domains%22%3A%5B%7B%22dname%22%3A%22test.ru%22%7D%2C%7B%22dname%22%3A%22test.com%22%7D%5D%2C%22subdomain%22%3A%22mail%22%2C%22text%22%3A%22testmail%22%2C%22output_content_type%22%3A%22plain%22%7D&input_format=json

huziahmetovsv, Nov 15 '23 11:11

@huziahmetovsv It could be connected with an issue that the issuer could not correctly detect the root zone of a third-level domain, which should be used in the API call. So it tried to get the NS zone for .infra.example.com, but you could have the domain example.com in your reg.ru account and no NS records exist for .infra.example.com. It's not only about wildcards, but about any third-level domain. In my case, on my system, the reg.ru client produced a panic while trying to get the zone from a non-existing element of an array of domain parts (divided by dots). I have made another version of a dirty hack to mitigate this :) Take a look at my fork https://github.com/c0rnoTa/cert-manager-webhook-regru. Version 1.1.5 should be useful in your case.

c0rnoTa, Nov 17 '23 23:11
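
Added example, not code from the webhook or from the fork mentioned above: one way to pick the zone (`dname`) and the relative record name (`subdomain`) for a challenge FQDN by longest-suffix match against the zones held in the account, returning an error instead of sending an empty `dname` or indexing past the end of the label array. `SplitChallenge`, `ErrNoZone` and the zone list passed in are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// ErrNoZone is returned instead of calling the DNS API with an empty "dname".
var ErrNoZone = errors.New("no managed zone matches challenge FQDN")

// SplitChallenge (hypothetical helper) maps a challenge FQDN onto the longest
// matching zone from the account and returns that zone plus the record name
// relative to it. An empty sub means the FQDN is the zone apex itself.
func SplitChallenge(fqdn string, zones []string) (zone, sub string, err error) {
	name := strings.ToLower(strings.TrimSuffix(fqdn, "."))
	if name == "" {
		return "", "", ErrNoZone
	}
	for _, z := range zones {
		z = strings.ToLower(strings.Trim(z, "."))
		if z == "" {
			continue
		}
		// Match only on a label boundary: "badexample.com" is not in "example.com".
		if name != z && !strings.HasSuffix(name, "."+z) {
			continue
		}
		if len(z) > len(zone) {
			zone = z // prefer the most specific delegated zone
		}
	}
	if zone == "" {
		return "", "", ErrNoZone
	}
	sub = strings.TrimSuffix(strings.TrimSuffix(name, zone), ".")
	return zone, sub, nil
}

func main() {
	zones := []string{"example.com", "example.org"} // constructed sample account zones
	for _, fqdn := range []string{
		"_acme-challenge.infra.example.com.", // third-level name from the issue
		"_acme-challenge.example.net.",       // zone not in the account
	} {
		zone, sub, err := SplitChallenge(fqdn, zones)
		fmt.Printf("%-36s zone=%q sub=%q err=%v\n", fqdn, zone, sub, err)
	}
}
```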


Well, same behavior for example.com. But for example.com I have NS records:

nslookup -q=ns example.com 8.8.8.8
Server:         8.8.8.8
Address:        8.8.8.8#53

Non-authoritative answer:
example.com        nameserver = ns1.reg.ru.
example.com        nameserver = ns2.reg.ru.

How can I install your fork with Helm?

huziahmetovsv, Nov 18 '23 05:11

@huziahmetovsv Set issuer.image in values to ghcr.io/c0rnota/cluster-issuer-regru:1.1.5 and upgrade the Helm release in k8s.

c0rnoTa, Nov 18 '23 08:11


Thank you, worked like a charm for *.infra.example.com

huziahmetovsv, Nov 18 '23 14:11