Cert-manager: Expired authorization error upon attempting to retrieve new certificate
Is this a BUG REPORT or FEATURE REQUEST?:
/kind bug
What happened:
Upon renewal/re-issuance of a certificate, the following error is printed and the certificate re-queued to be processed (thus entering a loop):
E1123 20:32:10.223071 1 controller.go:196] certificates controller: Re-queuing item "gitlab/git-example-com" due to error processing: Error checking ACME domain validation: error checking authorization status for git.example.com: 404 urn:acme:error:malformed: Expired authorization
What you expected to happen:
cert-manager should not fail the Prepare step if an authorization has expired, and instead attempt to retrieve a new one.
How to reproduce it (as minimally and precisely as possible):
Wait until an authorization has expired and attempt to issue a new certificate (either through renewal, or by deleting the corresponding secret resource)
munnerz
All 5 comments
Hit that problem as well, could not find a way to distinguish valid from expired authorizations
simonswine
on 26 Nov 2017
I1126 22:00:23.318566 1 sync.go:203] Error preparing issuer for certificate: Error checking ACME domain validation: error checking authorization status for www.swine.de: 404 urn:acme:error:malformed: Expired authorization
I guess they just return a 404 when called
simonswine
on 26 Nov 2017
The fix is supposed to be in v0.3.0 and newer and I'm still seeing the issue with quay.io/jetstack/cert-manager-controller:v0.3.0.
tsuna
on 7 Sep 2018
Fixed by upgrading to v0.4.1, but just wanted to point out the issue might persist with v0.3.0.
tsuna
on 7 Sep 2018
Upgrading to v0.4.1 from v0.3.2 worked for me as well. Thanks for suggestion @tsuna
erewok
on 12 Sep 2018
Related issues
apetheriotis
路
3Comments
munjal-patel
路
3Comments
jbartus
路
4Comments
dontreboot
路
3Comments
munnerz
路
4Comments
Most helpful comment
Fixed by upgrading to v0.4.1, but just wanted to point out the issue might persist with v0.3.0.