
More than 5 years have passed since last update.

Certificate stays stuck at IssuerNotReady


$ kubectl describe cert

Name:         hoge.example.com
Namespace:    default
()
Events:
  Type     Reason          Age               From          Message
  ----     ------          ----              ----          -------
  Warning  IssuerNotReady  4s (x3 over 16s)  cert-manager  Issuer letsencrypt-prod not ready

It looks like this. No matter how long I wait, it never goes through.

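1. Several Issuers had been applied

While following various articles and running kubectl apply -f ...., it seems that multiple Issuers ended up registered.
When I ran kubectl describe cert, the name of the certificate it was targeting looked odd, so leftovers from working through tutorial articles were getting in the way.
Rewriting the contents of the same yaml file and applying it each time was probably the cause.
I ran kubectl delete on pretty much everything and started over from a clean slate. It was disappointing to find about three Issuers registered...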

2. The Issuer's Server address is wrong

I deleted the Certificate, deleted the Issuer, and applied them again.

$ kubectl describe issuer

Name:         letsencrypt-prod
Namespace:    default
()
Spec:
  Acme:
    Dns 01:
      Providers:
        Clouddns:
          Project:  my-project-name
          Service Account Secret Ref:
            Key:   cert-manager-key.json
            Name:  clouddns-service-account
        Name:      prod-dns
    Email:         admin@hoge.example.com
    Http 01:
    Private Key Secret Ref:
      Key:
      Name:  letsencrypt-prod
    Server:  https://acme-v01.api.letsencrypt.org/directory
Status:
  Conditions:
    Last Transition Time:  2018-10-10T22:26:51Z
    Message:               Your ACME server URL is set to a v1 endpoint (https://acme-v01.api.letsencrypt.org/directory). You should update the spec.acme.server field to "https://acme-v02.api.letsencrypt.org/directory"
    Reason:                InvalidConfig
    Status:                False
    Type:                  Ready
Events:                    <none>

Your ACME server URL is set to a v1 endpoint (https://acme-v01.api.letsencrypt.org/directory). You should update the spec.acme.server field to "https://acme-v02.api.letsencrypt.org/directory"

I am being told to change the address.
Server: https://acme-v01.api.letsencrypt.org/directory
Change this part as instructed.

$ kubectl apply -f certmanager-issuer.yml
issuer.certmanager.k8s.io "letsencrypt-prod" configured

$ kubectl describe issuer

Name:         letsencrypt-prod
Namespace:    default
()
Spec:
  Acme:
    Dns 01:
      Providers:
        Clouddns:
          Project:  my-project-name
          Service Account Secret Ref:
            Key:   cert-manager-key.json
            Name:  clouddns-service-account
        Name:      prod-dns
    Email:         admin@hoge.example.com
    Http 01:
    Private Key Secret Ref:
      Key:
      Name:  letsencrypt-prod
    Server:  https://acme-v02.api.letsencrypt.org/directory
Status:
  Acme:
    Uri:  https://acme-v02.api.letsencrypt.org/acme/acct/43637263
  Conditions:
    Last Transition Time:  2018-10-10T22:28:53Z
    Message:               The ACME account was registered with the ACME server
    Reason:                ACMEAccountRegistered
    Status:                True
    Type:                  Ready
Events:                    <none>

ACMEAccountRegistered

It went through!
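
Both causes above (leftover Issuers and an Issuer whose Ready condition is False) can be checked in one pass. The following is an added example, not code from the original article: it reads JSON shaped like the output of `kubectl get issuer,certificate -o json` and reports each Issuer's Ready state, its ACME server URL, and which Certificates reference it. The sample data is constructed, and `letsencrypt-staging` is a hypothetical leftover Issuer.

```python
import json

# Constructed sample shaped like `kubectl get issuer,certificate -o json`,
# trimmed to the fields read below; names follow the article's output.
SAMPLE = json.loads("""{"items": [
 {"kind": "Issuer", "metadata": {"name": "letsencrypt-prod", "namespace": "default"},
  "spec": {"acme": {"server": "https://acme-v01.api.letsencrypt.org/directory"}},
  "status": {"conditions": [{"type": "Ready", "status": "False", "reason": "InvalidConfig"}]}},
 {"kind": "Issuer", "metadata": {"name": "letsencrypt-staging", "namespace": "default"},
  "spec": {"acme": {"server": "https://acme-staging-v02.api.letsencrypt.org/directory"}},
  "status": {"conditions": [{"type": "Ready", "status": "True", "reason": "ACMEAccountRegistered"}]}},
 {"kind": "Certificate", "metadata": {"name": "hoge.example.com", "namespace": "default"},
  "spec": {"issuerRef": {"name": "letsencrypt-prod", "kind": "Issuer"}}}
]}""")


def triage(doc):
    """Return (rows, missing): one row per Issuer, plus dangling issuerRefs."""
    issuers, users = {}, {}
    for item in doc["items"]:
        meta = item["metadata"]
        ns = meta.get("namespace", "default")
        if item["kind"] == "Issuer":
            conds = item.get("status", {}).get("conditions", [])
            ready = next((c for c in conds if c.get("type") == "Ready"), {})
            issuers[(ns, meta["name"])] = {
                "server": item["spec"].get("acme", {}).get("server"),
                "ready": ready.get("status") == "True",
                "reason": ready.get("reason", "NoReadyCondition"),
            }
        elif item["kind"] == "Certificate":
            ref = item["spec"]["issuerRef"]
            if ref.get("kind", "Issuer") == "Issuer":  # ClusterIssuer not handled here
                users.setdefault((ns, ref["name"]), []).append(meta["name"])
    rows = [{"namespace": k[0], "issuer": k[1], **v, "used_by": users.get(k, [])}
            for k, v in sorted(issuers.items())]
    # Certificates whose issuerRef names an Issuer that does not exist
    missing = {k: v for k, v in users.items() if k not in issuers}
    return rows, missing


if __name__ == "__main__":
    rows, missing = triage(SAMPLE)
    for r in rows:
        state = "Ready" if r["ready"] else f'NOT READY ({r["reason"]})'
        note = "" if r["used_by"] else "  <- no Certificate uses it; possible leftover"
        print(f'{r["namespace"]}/{r["issuer"]}: {state} server={r["server"]}{note}')
    for (ns, name), certs in missing.items():
        print(f"{ns}/{name}: referenced by {certs} but not found")
```

To run it against a real cluster, replace `SAMPLE` with the parsed output of the kubectl command named above.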
