Challenge DNS01 in Cert Manager

Extra arguments are a must when the issuer solves its challenge via dns01:

helm install cert-manager jetstack/cert-manager \
    --namespace cert-manager \
    --create-namespace \
    --version v1.8.0 \
    --set 'extraArgs={--dns01-recursive-nameservers=8.8.8.8:53\,1.1.1.1:53}'

Otherwise you will get a "propagation check failed" error:

sync.go:186] cert-manager/challenges "msg"="propagation check failed" "error"="DNS record for \"xxxx.com\" not yet propagated" "dnsName"="xxxx.com" "resource_kind"="Challenge" "resource_name"="xxxx-tls-secret-bzkjh" "resource_namespace"="default" "resource_version"="v1" "type"="DNS-01"
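
To triage this error, the following added example (not code from cert-manager or from the original post) parses such log lines and builds the `dig` commands that look up the challenge TXT record through the same resolvers given in the helm command. The function names and the second sample line are assumptions made for the illustration.

```python
import re

# Recursive resolvers taken from the helm command on this page.
RESOLVERS = ["8.8.8.8:53", "1.1.1.1:53"]

# Structured log pairs look like "key"="value"; values may contain \" escapes.
PAIR = re.compile(r'"(\w+)"="((?:[^"\\]|\\.)*)"')

def parse_fields(line):
    """Return the "key"="value" pairs of one log line as a dict, unescaped."""
    return {k: re.sub(r"\\(.)", r"\1", v) for k, v in PAIR.findall(line)}

def challenge_record(dns_name):
    """TXT record name used for DNS-01 validation (RFC 8555, section 8.4)."""
    # A wildcard identifier is validated at its base domain.
    base = dns_name[2:] if dns_name.startswith("*.") else dns_name
    return "_acme-challenge." + base.rstrip(".") + "."

def triage(lines, resolvers=RESOLVERS):
    """Map each failing Challenge to dig commands for a manual TXT lookup."""
    out = {}
    for line in lines:
        f = parse_fields(line)
        if f.get("msg") != "propagation check failed" or f.get("type") != "DNS-01":
            continue
        key = f'{f.get("resource_namespace")}/{f.get("resource_name")}'
        rec = challenge_record(f["dnsName"])
        out[key] = [f"dig +short TXT {rec} @{host} -p {port}"
                    for host, port in (r.rsplit(":", 1) for r in resolvers)]
    return out

# Sample input: the log line from this page plus one constructed unrelated line.
SAMPLE = [
    r'sync.go:186] cert-manager/challenges "msg"="propagation check failed" "error"="DNS record for \"xxxx.com\" not yet propagated" "dnsName"="xxxx.com" "resource_kind"="Challenge" "resource_name"="xxxx-tls-secret-bzkjh" "resource_namespace"="default" "resource_version"="v1" "type"="DNS-01"',
    'other.go:1] "msg"="unrelated line (constructed)"',
]

if __name__ == "__main__":
    for challenge, commands in triage(SAMPLE).items():
        print(challenge)
        for command in commands:
            print("  " + command)
```

An empty answer from both resolvers means the TXT record is not visible through them yet; a non-empty answer while the challenge still fails points at the resolver cert-manager is actually using.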

issuer.yaml

---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata: 
  generation: 1
  name: letsencrypt-prod
spec: 
  acme: 
    email: me@gmail.com
    preferredChain: ""
    privateKeySecretRef: 
      name: letsencrypt-prod
    server: https://acme-v02.api.letsencrypt.org/directory
    solvers: 
    - dns01: 
        cloudflare: 
          apiTokenSecretRef: 
            name: cloudflare-api-token-secret
            key: api-token