等待订单状态为“待处理"的证书颁发 [英] Waiting on certificate issuance from order status "pending"
问题描述
我遇到了一个使用cert-manager处理tls证书的问题,我正在关注文档,并添加了一些附加功能以与Traefik
一起用作入口.
I'm running into an issue handling tls certificates with cert-manager, I'm following the documentation and added some extras to work with Traefik
as an ingress.
当前,我有以下YAML
个文件:
Currently, I have this YAML
files:
cluster-issuer.yaml
apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
name: letsencrypt-staging
namespace: secure-alexguedescom
spec:
acme:
email: user@gmail.com
server: https://acme-staging-v02.api.letsencrypt.org/directory
privateKeySecretRef:
# Secret resource used to store the account's private key.
name: letsencrypt-staging
# Add a single challenge solver, HTTP01 using nginx
solvers:
- selector: {}
http01:
ingress:
class: traefik-cert-manager
traefik-ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
# add an annotation indicating the issuer to use.
cert-manager.io/cluster-issuer: letsencrypt-staging
name: secure-alexguedescom-ingress-http
namespace: secure-alexguedescom
spec:
rules:
- host: secure.alexguedes.com
http:
paths:
- backend:
serviceName: secure-alexguedescom-nginx
servicePort: 80
path: /
tls:
- hosts:
- secure.alexguedes.com
secretName: secure-alexguedescom-cert
cert-staging.yaml
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
name: secure-alexguedescom-cert
namespace: secure-alexguedescom
spec:
commonName: secure.alexguedes.com
secretName: letsencrypt-staging
dnsNames:
- secure.alexguedes.com
issuerRef:
name: letsencrypt-staging
kind: ClusterIssuer
检查证书,我收到此错误消息:
Inspecting the certs I have this error message:
Message: Issuing certificate as Secret does not contain a certificate
Reason: MissingData
也在检查certificaterequest
我有以下日志消息:
Also inspecting the certificaterequest
I have this log messages:
Status:
Conditions:
Last Transition Time: 2020-08-16T00:32:01Z
Message: Waiting on certificate issuance from order secure-alexguedescom/secure-alexguedescom-cert-q8w5p-1982372682: "pending"
Reason: Pending
Status: False
Type: Ready
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal OrderCreated 11m cert-manager Created Order resource secure-alexguedescom/secure-alexguedescom-cert-q8w5p-1982372682
Normal OrderPending 11m cert-manager Waiting on certificate issuance from order secure-alexguedescom/secure-alexguedescom-cert-q8w5p-1982372682: ""
我不确定使用Helm v2和Tiller以及k8s v1.7是哪一块是错的
I'm not sure which piece is wrong, using Helm v2 with Tiller and k8s v1.7
有什么想法吗?
预先感谢
推荐答案
letsencrypt 证书的典型问题是letencrypt本身无法验证您的身份以及您对域的所有权.在这种情况下,alexguedes.com
.
The typical problem with letsencrypt certs is the letsencrypt itself not being able to validate who you are and that you own the domain. In this case, alexguedes.com
.
使用cert-manager,您可以域名验证和 HTTP验证.根据发布的ClusterIssuer
,您正在执行HTTP验证.因此,您需要确保secure.alexguedes.com
解析为全局可用的IP地址,并且Traefik端口443
正在监听该IP地址.
With cert-manager you can do Domain Validation and HTTP Validation. Based on the posted ClusterIssuer
you are doing HTTP Validation. So you need to make sure that secure.alexguedes.com
resolves to a globally available IP address and that Traefik port 443
is listening on that IP address.
这篇关于等待订单状态为“待处理"的证书颁发的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!