I Created two files, one is for ClusterIssuer and the Second is for Certificate. My Domain is an example.com and I need to create a new subdomain with wildcard *.testing.example.com and I already created an entry in Route53 called *.testing.example.com with A record and mapped with nlb.
Below are my profile and which good to me, but I am getting error " msg"="propagation check failed" "error"="DNS record for \"testing.example.com\" not yet propagated"
ClusterIssuer.yaml
apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
name: letsencrypt-prod
spec:
acme:
# The ACME server URL
server: https://acme-v02.api.letsencrypt.org/directory
# Email address used for ACME registration
email: devops@example.com
privateKeySecretRef:
name: letsencrypt-prod
solvers:
# example: cross-account zone management for example.com
# this solver uses ambient credentials (i.e. inferred from the environment or EC2 Metadata Service)
# to assume a role in a different account
- selector:
dnsZones:
- "example.com"
dns01:
route53:
region: ap-south-1
hostedZoneID: 71MYVttggee
role: arn:aws:iam::123456:role/dns-managerCertificate.yaml
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
name: example-cert
spec:
secretName: acme-crt
issuerRef:
kind: ClusterIssuer
name: letsencrypt-prod
commonName: testing.example.com
dnsNames:
- '*.testing.example.com'
acme:
config:
- dns01:
provider: route53
domains:
- '*.testing.example.com'What you have is correct, you just need to wait for DNS propagation so that the verification records can be checked by LetsEncrypt.