Cert-manager can’t find route53 secret
It seems I did something to delete the original cert-manager Route53 secret; renewals and new certs failed with this error:
error getting route53 secret access key: secrets
For each certificate, cert-manager is trying to get the Route53 secret from the Ingress component's namespace (instead of from the cert-manager namespace). I guess this is the fallback behavior when the secret does not exist in cert-manager's own namespace.
After creating the secret in the cert-manager namespace again everything worked:
Issuer Not Found
I am guessing this was caused by a hard-to-find copy-paste issue. The certificate was not getting issued because I was using:
cert-manager.io/issuer:
Instead of
cert-manager.io/cluster-issuer:
The Ingress should look like this:
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ntfy
  namespace: ntfy
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    external-dns.alpha.kubernetes.io/hostname: ntft.cetinich.net.
The symptom was that the certificaterequest had events showing that:
Referenced "Issuer" not found: issuer.cert-manager.io "letsencrypt-prod" not found
The cert-manager troubleshooting guide is very useful, kudos to the author.