No resources found: Letsencrypt certificate not creating in kubernetes

1/20/2022

I am trying to issue a certificate for my ingress and nothing seems to be working.

Error logs so far

$ kubectl describe ingress

Could not determine issuer for ingress due to bad annotations: failed to determine issuer name to be used for ingress resource

$ kubectl get certificate --all-namespaces

No resources found

$ kubectl logs cert-manager-XXXX

setup.go:219] cert-manager/controller/clusterissuers "msg"="ACME server URL host and ACME private key registration host differ. Re-checking ACME account registration" "related_resource_kind"="Secret" "related_resource_name"="letsencrypt-staging" "related_resource_namespace"="cert-manager" "resource_kind"="ClusterIssuer" "resource_name"="letsencrypt-staging" "resource_namespace"="" "resource_version"="v1" 
I0120 22:02:59.771825       1 setup.go:309] cert-manager/controller/clusterissuers "msg"="verified existing registration with ACME server" "related_resource_kind"="Secret" "related_resource_name"="letsencrypt-staging" "related_resource_namespace"="cert-manager" "resource_kind"="ClusterIssuer" "resource_name"="letsencrypt-staging" "resource_namespace"="" "resource_version"="v1" 
I0120 22:02:59.771862       1 conditions.go:95] Setting lastTransitionTime for Issuer "letsencrypt-staging" condition "Ready" to 2022-01-20 22:02:59.771855575 +0000 UTC m=+2131.058155695
I0120 22:02:59.796733       1 setup.go:202] cert-manager/controller/clusterissuers "msg"="skipping re-verifying ACME account as cached registration details look sufficient" "related_resource_kind"="Secret" "related_resource_name"="letsencrypt-staging" "related_resource_namespace"="cert-manager" "resource_kind"="ClusterIssuer" "resource_name"="letsencrypt-staging" "resource_namespace"="" "resource_version"="v1" 
I0120 22:03:04.459836       1 setup.go:202] cert-manager/controller/clusterissuers "msg"="skipping re-verifying ACME account as cached registration details look sufficient" "related_resource_kind"="Secret" "related_resource_name"="letsencrypt-staging" "related_resource_namespace"="cert-manager" "resource_kind"="ClusterIssuer" "resource_name"="letsencrypt-staging" "resource_namespace"="" "resource_version"="v1" 

A breakdown of what I have done so far

  1. I have used ClusterIssuer and Issuer alternatively in my issuer manifest (letsencrypt staging and prod). Not working
  2. I have deleted and reinstalled cert-manager. Currently using v1.6.1. Not working
  3. Removed kubernetes.io/tls-acme: "true". Not working
  4. Changed to latest API cert-manager.io/v1. Not working

Manifest files

ingress.yml

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: app
  annotations:
    kubernetes.io/tls-acme: "true"
    certmanager.io/cluster-issuer: letsencrypt-staging
    kubernetes.io/ingress.class: "nginx"
spec:
  tls:
  - hosts:
    - test.domain.com
    secretName: app-tls
  rules:
  - host: test.domain.com
    http:
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: app
            port:
              name: http

staging_issuer.yml

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-staging
spec:
  acme:
    # The ACME server URL
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    # Email address used for ACME registration
    email: me@gmail.com
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-staging
    # Enable the HTTP-01 challenge provider
    solvers:
    - http01:
        ingress:
          class:  nginx

prod_issuer.yml

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    # The ACME server URL
    server: https://acme-v02.api.letsencrypt.org/directory
    # Email address used for ACME registration
    email: me@gmail.com
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-prod
    # Enable the HTTP-01 challenge provider
    solvers:
    - http01:
        ingress:
          class: nginx

cert-manager used

cert-manager

-- sam hassan
amazon-eks
kubectl
kubernetes
kubernetes-ingress
lets-encrypt

0 Answers
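
A check for the annotation keys on the Ingress in the post, added here as an example and not part of the original question: cert-manager picks the issuer for an Ingress from `cert-manager.io/issuer` or `cert-manager.io/cluster-issuer`, so the script flags keys that are close to those but not identical. The function names and the 0.85 similarity cutoff are assumptions of this example.

```python
from difflib import get_close_matches

# Annotation keys cert-manager reads to pick the issuer for an Ingress.
ISSUER_KEYS = ["cert-manager.io/cluster-issuer", "cert-manager.io/issuer"]
TLS_ACME = "kubernetes.io/tls-acme"
# metadata block copied from the ingress.yml in the post.
POSTED = """\
metadata:
  name: app
  annotations:
    kubernetes.io/tls-acme: "true"
    certmanager.io/cluster-issuer: letsencrypt-staging
    kubernetes.io/ingress.class: "nginx"
spec:
"""
# Constructed variant: same block with the hyphenated annotation prefix.
HYPHENATED = POSTED.replace("certmanager.io/", "cert-manager.io/")

def ingress_annotations(manifest):
    """Read a block-style metadata.annotations map (minimal, not a YAML parser)."""
    found, base = {}, None
    for line in manifest.splitlines():
        text, indent = line.strip(), len(line) - len(line.lstrip())
        if not text or text.startswith("#"):
            continue
        if base is None:
            base = indent if text == "annotations:" else None
        elif indent <= base:
            break  # left the annotations map
        else:
            key, _, value = text.partition(":")
            found[key.strip("\"' ")] = value.strip("\"' ")
    return found

def lint_issuer_annotations(manifest):
    """Return (code, detail) findings; empty when an issuer annotation is set."""
    notes = ingress_annotations(manifest)
    if any(key in notes for key in ISSUER_KEYS):
        return []
    findings = []
    for key in notes:
        close = get_close_matches(key, ISSUER_KEYS, n=1, cutoff=0.85)
        if close:
            findings.append(("near-miss", f"{key} is not read; closest known key is {close[0]}"))
    if notes.get(TLS_ACME) == "true":
        findings.append(("default-issuer", "tls-acme alone relies on the controller's --default-issuer-name flag"))
    return findings or [("no-issuer", "no issuer annotation on this Ingress")]

if __name__ == "__main__":
    print({n: lint_issuer_annotations(d) for n, d in (("posted", POSTED), ("hyphenated", HYPHENATED))})
```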