Not sure why, but I am unable to get a cert. I clearly misconfigured something, but I am not sure what. Any help would be appreciated. If it matters, I own the domain and currently have it routing to a GCP load balancer (without a backend). I am using GKE and attempting to build my Terraform scripts for the entire environment.
Error from cert-manager logs:

```
E0622 05:13:10.463096 1 controller.go:185] orders controller: Re-queuing item "default/ambassador-certs-3303005432" due to error processing: Error constructing Challenge resource for Authorization: ACME server does not allow selected challenge type or no provider is configured for domain ".net"
```
```yaml
apiVersion: certmanager.k8s.io/v1alpha1
kind: Issuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: <MYEMAIL>
    privateKeySecretRef:
      name: ambassador-certs
    dns01:
      providers:
      - name: letsencrypt-prod
        clouddns:
          # The ID of the GCP project
          project: <MYPROJECTID>
          # This is the secret used to access the service account
          serviceAccountSecretRef:
            name: cert-manager-credentials
            key: gcp-dns-admin.json
```
Certificate:

```yaml
apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
  name: ambassador-certs
spec:
  secretName: ambassador-certs
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer
  commonName: "<mydomain>.net"
  dnsNames:
  # you can add multiple domains here
  - "<mydomain>.net"
  acme:
    config:
    - dns01:
        provider: cloud-dns
      domains:
      # you can add multiple domains here
      - "<mydomain>.net"
```
The problem was in the name of my provider.

```yaml
provider: cloud-dns
```

Should have been:

```yaml
provider: letsencrypt-prod
```
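A check for the mismatch described in this answer, as an added example (not code from the original post or from cert-manager): it takes objects shaped like the `items` list of `kubectl get issuer,clusterissuer,certificate -o json` and reports any Certificate whose `dns01.provider` is not a provider name defined on the issuer it references. The function names, the `example.net` domain and the `example-project` ID are constructed for illustration.

```python
def _key(kind, meta_or_ns, name):
    # Issuers are namespaced; ClusterIssuers are not.
    ns = meta_or_ns.get("namespace", "default") if kind == "Issuer" else None
    return (kind, ns, name)

def issuer_providers(objs):
    """Map each Issuer/ClusterIssuer to the set of dns01 provider names it defines."""
    out = {}
    for o in objs:
        if o["kind"] in ("Issuer", "ClusterIssuer"):
            provs = o["spec"].get("acme", {}).get("dns01", {}).get("providers", [])
            key = _key(o["kind"], o["metadata"], o["metadata"]["name"])
            out[key] = {p["name"] for p in provs}
    return out

def check_certificates(objs):
    """Return one finding per Certificate dns01 entry that cannot be resolved."""
    issuers = issuer_providers(objs)
    findings = []
    for o in objs:
        if o["kind"] != "Certificate":
            continue
        ref, cert = o["spec"]["issuerRef"], o["metadata"]["name"]
        kind = ref.get("kind", "Issuer")  # issuerRef.kind defaults to Issuer
        key = _key(kind, o["metadata"], ref["name"])
        if key not in issuers:
            findings.append(f"{cert}: {kind} {ref['name']!r} not found")
            continue
        for cfg in o["spec"].get("acme", {}).get("config", []):
            prov = cfg.get("dns01", {}).get("provider")
            if prov is not None and prov not in issuers[key]:
                findings.append(f"{cert}: dns01 provider {prov!r} is not defined on "
                                f"{kind} {ref['name']!r}; defined: {sorted(issuers[key])}")
    return findings

def make_sample(provider):
    """Constructed objects mirroring the two manifests above (placeholder values)."""
    issuer = {"kind": "Issuer", "metadata": {"name": "letsencrypt-prod"},
              "spec": {"acme": {"dns01": {"providers": [
                  {"name": "letsencrypt-prod", "clouddns": {"project": "example-project"}}]}}}}
    cert = {"kind": "Certificate", "metadata": {"name": "ambassador-certs"},
            "spec": {"issuerRef": {"name": "letsencrypt-prod", "kind": "Issuer"},
                     "acme": {"config": [{"dns01": {"provider": provider},
                                          "domains": ["example.net"]}]}}}
    return [issuer, cert]

if __name__ == "__main__":
    for name in ("cloud-dns", "letsencrypt-prod"):
        print(name, "->", check_certificates(make_sample(name)) or "ok")
```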