Bad URL for Let's Encrypt and cert-manager with 2 times /.well-known/.well-known/

1/11/2022

I have a problem with CertManager since its 1.6 update. After a lot of research, I can't find an answer on the net.

In mid-2021 I was using version 1.0.2 of CertManager and it was working fine. During my tests, I just had quota problems. So I added 2 issuers: 1 PROD and 1 STAGING.

At the end of 2021, I updated the PROD CertManager to version 1.6.2. Since this update, I have been unable to obtain certificates.

Here are the messages from the POD cert-manager log.

service.go:43] cert-manager/controller/challenges/http01/selfCheck/http01/ensureService "msg"="found one existing HTTP01 solver Service for challenge resource" "dnsName"="<MY_SUBDOMAIN>.<MY_DOMAIN>.com" "related_resource_kind"="Service" "related_resource_name"="cm-acme-http-solver-hnxb2" "related_resource_namespace"="osp-preprod" "related_resource_version"="v1" "resource_kind"="Challenge" "resource_name"="<MY_APP>-cert-g7dtj-1879994047-815825437" "resource_namespace"="osp-preprod" "resource_version"="v1" "type"="HTTP-01" 
sync.go:186] cert-manager/controller/challenges "msg"="propagation check failed" "error"="failed to perform self check GET request '<MY_SUBDOMAIN>.<MY_DOMAIN>.com/.well-known/acme-challenge/PVX5wP_mWuNsvM55LmNoOI9ahYTOaNWXO6rHAujOMCI': Get \"<MY_SUBDOMAIN>.<MY_DOMAIN>.com/.well-known/acme-challenge/PVX5wP_mWuNsvM55LmNoOI9ahYTOaNWXO6rHAujOMCI\": dial tcp: lookup <MY_SUBDOMAIN>.<MY_DOMAIN>.com on 10.32.0.10:53: no such host" "dnsName"="<MY_SUBDOMAIN>.<MY_DOMAIN>.com" "resource_kind"="Challenge" "resource_name"="osp-api-cert-mdgzx-2869994635-3017881804" "resource_namespace"="osp-preprod" "resource_version"="v1" "type"="HTTP-01"

Since these issues, I have been inundated with 404 errors on our application in this domain as I regularly received queries equivalent to these:

http://<MY_SUBDOMAIN>.<MY_DOMAIN>.com/.well-known/.well-known/acme-challenge/PVX5wP_mWuNsvM55LmNoOI9ahYTOaNWXO6rHAujOMC

You will notice that .well-known appears 2 times. I suspect this is not normal.

On the other hand, I do not understand where it can come from. Do you have an idea?

-- Ronald
cert-manager
kubernetes
lets-encrypt

0 Answers
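
An added example, not part of the original post and not cert-manager's own code: a small triage script that parses log lines in the `"key"="value"` layout shown above and reports the layer at which each HTTP-01 self check failed, with a helper that counts `.well-known` segments in a request path. The sample lines, hostnames, resolver address and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample lines in the klog "key"="value" layout shown in the post
# (hosts, token and resolver address are placeholders, not values from the page).
SAMPLE_LOG = r'''
sync.go:186] cert-manager/controller/challenges "msg"="propagation check failed" "error"="failed to perform self check GET request 'http://app.example.test/.well-known/acme-challenge/TOKEN': Get \"http://app.example.test/.well-known/acme-challenge/TOKEN\": dial tcp: lookup app.example.test on 10.0.0.10:53: no such host" "dnsName"="app.example.test" "type"="HTTP-01"
sync.go:186] cert-manager/controller/challenges "msg"="propagation check failed" "error"="wrong status code '404', expected '200'" "dnsName"="api.example.test" "type"="HTTP-01"
'''

# A value may contain backslash-escaped quotes, so match escapes explicitly.
PAIR = re.compile(r'"(\w+)"="((?:[^"\\]|\\.)*)"')

def parse_fields(line):
    """Split one log line into its key/value pairs, unescaping quotes in values."""
    return {k: v.replace('\\"', '"') for k, v in PAIR.findall(line)}

def classify(error):
    """Name the layer at which the HTTP-01 self check failed."""
    m = re.search(r"lookup (\S+) on ([\d.]+):\d+: no such host", error)
    if m:
        return "dns", f"resolver {m.group(2)} cannot resolve {m.group(1)}"
    m = re.search(r"wrong status code '(\d+)'", error)
    if m:
        return "http", f"solver path answered {m.group(1)}"
    return "other", error

def well_known_count(url):
    """Number of '.well-known' path segments; more than 1 is a malformed path."""
    return urlsplit(url).path.split("/").count(".well-known")

def triage(log_text):
    """Return (dnsName, layer, detail) for every failed propagation check."""
    findings = []
    for line in log_text.splitlines():
        fields = parse_fields(line)
        if fields.get("msg") != "propagation check failed":
            continue
        kind, detail = classify(fields.get("error", ""))
        findings.append((fields.get("dnsName"), kind, detail))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
    # Constructed request URL with the repeated segment described in the post.
    print(well_known_count("http://app.example.test/.well-known/.well-known/acme-challenge/TOKEN"))
```

A `dns` finding means the self check never reached the solver, so the request path was not evaluated for that attempt.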