kube-lego icon indicating copy to clipboard operation
kube-lego copied to clipboard

Published 20 hours ago verified publisher icon jetstack

nginx example: Secret echoserver/echoserver-tls does not exists

Open ngtuna opened this issue 7 years ago • 4 comments

Hi hello, I've followed this example on minikube. Checking the log of nginx-ingress-controller pod it's saying:

W0718 07:24:54.649166       1 controller.go:932] Secret echoserver/echoserver-tls does not exists

I think I've missed to create the secret object echoserver/echoserver-tls But I don't see it mentioned somewhere in the README. Do you have any suggestion ?

ngtuna avatar Jul 18 '17 07:07 ngtuna

OK it has more clues when I check the log of kube-lego pod:

time="2017-07-18T07:52:55Z" level=info msg="process certificate requests for ingresses" context=kubelego 
time="2017-07-18T07:52:55Z" level=info msg="Attempting to create new secret" context=secret name=echoserver-tls namespace=echoserver 
time="2017-07-18T07:52:55Z" level=info msg="no cert associated with ingress" context="ingress_tls" name=echoserver namespace=echoserver 
time="2017-07-18T07:52:55Z" level=info msg="requesting certificate for echo.example.com" context="ingress_tls" name=echoserver namespace=echoserver 
time="2017-07-18T07:54:24Z" level=warning msg="authorization failed after 1m0s: reachability test failed: Get http://echo.example.com/.well-known/acme-challenge/_selftest: dial tcp: lookup echo.example.com on 10.0.0.10:53: no such host" context=acme domain=echo.example.com 
time="2017-07-18T07:54:24Z" level=error msg="Error while processing certificate requests: no domain could be authorized successfully" context=kubelego 
time="2017-07-18T07:54:24Z" level=info msg="ignoring as has no annotation 'kubernetes.io/tls-acme'" context=ingress name=kube-lego-nginx namespace=kube-lego

It seems like the kube-lego controller can't reach echoserver app via echo.example.com URL

ngtuna avatar Jul 18 '17 07:07 ngtuna

Hi there

What domain are you trying to obtain a certificate for, and is it pointed at your ingress controller?

tcp: lookup echo.example.com on 10.0.0.10:53: no such host indicates that whatever domain you are using is not actually configured with DNS.

Have you changed the domain to obtain a certificate from echo.example.com to one of your own domains? (sorry to state the obvious if you have already!)

munnerz avatar Jul 18 '17 13:07 munnerz

@munnerz Thanks for the response. Yeah I haven't configured any domain yet. I just tried kube-lego by running the example on minikube. Now if I understand correctly from the log of kube-lego pod, it needs to connect to http://echo.example.com/.well-known/acme-challenge/_selftest. Which target should I point echo.example.com to ? echoserver ?

ngtuna avatar Jul 18 '17 17:07 ngtuna

@ngtuna How are they supposed to reach echo.example.com running on your local machine?

seivan avatar Dec 08 '17 13:12 seivan