I am unable to create a certificate using cert-manager.
I am following this guide https://docs.cert-manager.io/en/latest/getting-started/install/kubernetes.html
This works:
antonswanevelder$ kubectl get pods --namespace cert-manager
NAME                                       READY   STATUS    RESTARTS   AGE
cert-manager-69b4f77ffc-4296b              1/1     Running   0          9m5s
cert-manager-cainjector-576978ffc8-2mxz6   1/1     Running   0          2d13h
cert-manager-webhook-c67fbc858-sdjff       1/1     Running   1          2d13h
But running the test
kubectl describe certificate -n cert-manager-test
Produces nothing.
Any ideas how I can troubleshoot this?
Re-creating the K8s cluster and following the steps in the cert-manager page above worked. One major mistake I made was referencing the wrong namespace in my Ingress.
Please make sure to use the cert-manager.io/cluster-issuer annotation:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    # add an annotation indicating the issuer to use.
    cert-manager.io/cluster-issuer: letsencrypt-prod
Also note the slight variation in apiVersion and solvers when using v11 of cert-manager.
apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    # You must replace this email address with your own.
    # Let's Encrypt will use this to contact you about expiring
    # certificates, and issues related to your account.
    email: youremail@domain.com
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      # Secret resource used to store the account's private key.
      name: letsencrypt-prod
    # Add a single challenge solver, HTTP01 using nginx
    solvers:
    - http01:
        ingress:
          class: nginx
Lastly, it might be worth noting that Let's Encrypt needs to point to a valid page in order to serve the certificate. Make sure your domain is pointed correctly and that a page is served at the root of that domain. There is a rate limiter on prod, so it is best to work with the staging issuer until a certificate is served. If you run the code below, it should show CertificateCreated.
kubectl describe ingress
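The mistakes named in the answer above (wrong namespace, annotation name, production rate limits) can be checked offline from an export of the cluster objects. This is an added example, not part of the original answer or of cert-manager; the function name `lint`, the sample data and the assumed input shape (`kubectl get ingress,issuer,clusterissuer -A -o json`) are illustrative assumptions.

```python
import json

LEGACY = "certmanager.k8s.io/"  # annotation prefix used before the cert-manager.io API group
PREFIX = "cert-manager.io/"
LE_PROD = "https://acme-v02.api.letsencrypt.org/directory"

def lint(items):
    """Findings for Ingress objects, checked against the issuers in the same export."""
    issuers = {}  # (kind, namespace or None, name) -> object
    for o in items:
        m = o["metadata"]
        if o["kind"] in ("Issuer", "ClusterIssuer"):
            ns = m.get("namespace", "default") if o["kind"] == "Issuer" else None
            issuers[(o["kind"], ns, m["name"])] = o
    out = []
    for o in (i for i in items if i["kind"] == "Ingress"):
        m = o["metadata"]
        ns, ann = m.get("namespace", "default"), m.get("annotations", {})
        where = f"{ns}/{m['name']}"
        for key in ann:
            if key.startswith(LEGACY):
                out.append(f"{where}: legacy annotation {key}, expected {PREFIX}*")
        if PREFIX + "cluster-issuer" in ann:
            ref = ("ClusterIssuer", None, ann[PREFIX + "cluster-issuer"])
        elif PREFIX + "issuer" in ann:  # Issuers are namespaced: must live beside the Ingress
            ref = ("Issuer", ns, ann[PREFIX + "issuer"])
        else:
            continue  # Ingress does not ask cert-manager for a certificate
        issuer = issuers.get(ref)
        if issuer is None:
            scope = f" in namespace {ns}" if ref[1] else ""
            out.append(f"{where}: {ref[0]} {ref[2]!r} not found{scope}")
        elif issuer["spec"].get("acme", {}).get("server") == LE_PROD:
            out.append(f"{where}: issuer uses the rate-limited production endpoint")
        if not any(t.get("secretName") for t in o.get("spec", {}).get("tls", [])):
            out.append(f"{where}: no spec.tls entry with a secretName")
    return out

# Constructed sample shaped like `kubectl get ingress,issuer,clusterissuer -A -o json`.
SAMPLE = json.loads("""{"items": [
 {"kind": "ClusterIssuer", "metadata": {"name": "letsencrypt-prod"},
  "spec": {"acme": {"server": "https://acme-v02.api.letsencrypt.org/directory"}}},
 {"kind": "Issuer", "metadata": {"name": "staging", "namespace": "cert-manager"}, "spec": {}},
 {"kind": "Ingress", "metadata": {"name": "web", "namespace": "default",
   "annotations": {"cert-manager.io/issuer": "staging"}}, "spec": {"tls": [{"secretName": "web-tls"}]}},
 {"kind": "Ingress", "metadata": {"name": "api", "namespace": "default",
   "annotations": {"cert-manager.io/cluster-issuer": "letsencrypt-prod"}}, "spec": {}}
]}""")
print("\n".join(lint(SAMPLE["items"])))
```

The production-endpoint finding is informational: it marks Ingresses that will hit Let's Encrypt's production rate limits while the setup is still being debugged.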