Is this a BUG REPORT or FEATURE REQUEST?:
/kind bug
What happened:
Following documentation, cannot get service running, found errors
I0513 17:34:03.402457 1 leaderelection.go:174] attempting to acquire leader lease...
I0513 17:34:03.405344 1 server.go:68] Listening on http://0.0.0.0:9402
I0513 17:34:19.917455 1 leaderelection.go:184] successfully acquired lease kube-system/cert-manager-controller
I0513 17:34:21.935936 1 controller.go:136] issuers controller: syncing item 'default/letsencrypt-prod'
I0513 17:34:21.946237 1 controller.go:136] issuers controller: syncing item 'default/letsencrypt-staging'
I0513 17:34:23.248320 1 sync.go:40] Error initializing issuer: Head : unsupported protocol scheme ""
I0513 17:34:23.249280 1 sync.go:40] Error initializing issuer: Head : unsupported protocol scheme ""
E0513 17:34:23.257336 1 controller.go:145] issuers controller: Re-queuing item "default/letsencrypt-staging" due to error processing: Head : unsupported protocol scheme ""
E0513 17:34:23.258258 1 controller.go:145] issuers controller: Re-queuing item "default/letsencrypt-prod" due to error processing: Head : unsupported protocol scheme ""
I0513 17:34:26.706081 1 controller.go:136] issuers controller: syncing item 'default/letsencrypt-prod'
I0513 17:34:26.883991 1 sync.go:40] Error initializing issuer: Head : unsupported protocol scheme ""
This just repeats on from here.
What you expected to happen:
Service to start
How to reproduce it (as minimally and precisely as possible):
helm install \
  --name cert-manager \
  --namespace kube-system \
  stable/cert-manager
mkdir -p cert-manager
kubectl create secret generic clouddns-service-account --from-file=secrets/gke-dns-creds.json
cat > cert-manager/letsencrypt-prod.yml <<EOF
apiVersion: certmanager.k8s.io/v1alpha1
kind: Issuer
metadata:
  name: letsencrypt-prod
  namespace: default
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: [email protected]
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-prod
    http01: {}
    dns01:
      providers:
      - name: prod-dns
        clouddns:
          serviceAccountSecretRef:
            name: clouddns-service-account
            key: gke-dns-creds.json
          project: gcloud-prod-project
EOF
kubectl create -f cert-manager/letsencrypt-prod.yml
cat > cert-manager/letsencrypt-staging.yml <<EOF
apiVersion: certmanager.k8s.io/v1alpha1
kind: Issuer
metadata:
  name: letsencrypt-staging
  namespace: default
spec:
  acme:
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    email: [email protected]
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-staging
    http01: {}
    dns01:
      providers:
      - name: prod-dns
        clouddns:
          serviceAccountSecretRef:
            name: clouddns-service-account
            key: gke-dns-creds.json
          project: gcloud-prod-project
EOF
kubectl create -f cert-manager/letsencrypt-staging.yml
with [email protected] replaced with the correct email, and the credentials for Google Cloud DNS in secrets/gke-dns-creds.json.
I assume secret/letsencrypt-staging and secret/letsencrypt-prod are created automatically; as this is a new install, I don't have a private key to move over.
Anything else we need to know?:
Environment:
Kubernetes version (use kubectl version):
$ kubectl version
Client Version: version.Info{Major:"1", Minor:"8", GitVersion:"v1.8.6", GitCommit:"6260bb08c46c31eea6cb538b34a9ceb3e406689c", GitTreeState:"clean", BuildDate:"2017-12-21T06:34:11Z", GoVersion:"go1.8.3", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"8+", GitVersion:"v1.8.8-gke.0", GitCommit:"6e5b33a290a99c067003632e0fd6be0ead48b233", GitTreeState:"clean", BuildDate:"2018-02-16T18:26:58Z", GoVersion:"go1.8.3b4", Compiler:"gc", Platform:"linux/amd64"}
Google Container Cluster
$ helm version
Client: &version.Version{SemVer:"v2.9.0", GitCommit:"f6025bb9ee7daf9fee0026541c90a6f557a3e0bc", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.9.0", GitCommit:"f6025bb9ee7daf9fee0026541c90a6f557a3e0bc", GitTreeState:"clean"}
This is a totally empty cluster.
RBAC is configured.
After reading the release notes it appears that v2 support comes with version 3.
Switched to v1 Let's Encrypt endpoint and this seems to be resolved.
I0513 17:49:00.337411 1 leaderelection.go:174] attempting to acquire leader lease...
I0513 17:49:00.338681 1 server.go:68] Listening on http://0.0.0.0:9402
I0513 17:49:16.516654 1 leaderelection.go:184] successfully acquired lease kube-system/cert-manager-controller
I0513 17:49:18.557419 1 controller.go:136] issuers controller: syncing item 'default/letsencrypt-prod'
I0513 17:49:18.558985 1 controller.go:136] issuers controller: syncing item 'default/letsencrypt-staging'
I0513 17:49:19.401192 1 helpers.go:79] Setting lastTransitionTime for Issuer "letsencrypt-prod" condition "Ready" to 2018-05-13 17:49:19.401178327 +0000 UTC m=+19.275927671
I0513 17:49:19.408335 1 controller.go:150] issuers controller: Finished processing work item "default/letsencrypt-prod"
I0513 17:49:19.682898 1 helpers.go:79] Setting lastTransitionTime for Issuer "letsencrypt-staging" condition "Ready" to 2018-05-13 17:49:19.682883413 +0000 UTC m=+19.557632754
I0513 17:49:19.688269 1 controller.go:150] issuers controller: Finished processing work item "default/letsencrypt-staging"
I0513 17:49:21.409729 1 controller.go:136] issuers controller: syncing item 'default/letsencrypt-prod'
I0513 17:49:22.139429 1 controller.go:150] issuers controller: Finished processing work item "default/letsencrypt-prod"
So that's changing
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
to
spec:
  acme:
    server: https://acme-v01.api.letsencrypt.org/directory
and
spec:
  acme:
    server: https://acme-staging-v02.api.letsencrypt.org/directory
to
spec:
  acme:
    server: https://acme-staging.api.letsencrypt.org/directory
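The failure mode in this thread, as an added example (not code from the issue or from cert-manager): an ACME v2 directory carries none of the keys an ACME v1 client reads, so the client ends up sending HEAD to an empty URL, which Go rejects with the "unsupported protocol scheme" error seen in the logs. The directory documents are constructed, and the client behaviour modelled in `v1NonceProbe` is an assumption about a v1-only client.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
)

// Constructed sample directory documents; the URLs are placeholders.
const v1Dir = `{"new-reg":"https://acme.example/new-reg","new-cert":"https://acme.example/new-cert"}`
const v2Dir = `{"newNonce":"https://acme.example/new-nonce","newAccount":"https://acme.example/new-acct"}`

// directory holds one identifying endpoint key per protocol generation.
type directory struct {
	NewReg   string `json:"new-reg"`  // ACME v1 registration URL
	NewNonce string `json:"newNonce"` // ACME v2 (RFC 8555) nonce URL
}

// acmeVersion classifies a directory document by the keys it carries (0 = unknown).
func acmeVersion(doc string) int {
	var d directory
	if json.Unmarshal([]byte(doc), &d) != nil {
		return 0
	}
	switch {
	case d.NewNonce != "":
		return 2
	case d.NewReg != "":
		return 1
	}
	return 0
}

// v1NonceProbe mimics a v1-only client (assumed behaviour) fetching a nonce via "new-reg".
func v1NonceProbe(doc string) error {
	var d directory
	if err := json.Unmarshal([]byte(doc), &d); err != nil {
		return err
	}
	if d.NewReg != "" {
		return nil // a real client would send the HEAD request here
	}
	_, err := http.Head(d.NewReg) // empty URL: fails locally, no network traffic
	return err
}

func main() {
	fmt.Println("v1 directory:", acmeVersion(v1Dir), v1NonceProbe(v1Dir))
	fmt.Println("v2 directory:", acmeVersion(v2Dir), v1NonceProbe(v2Dir))
}
```

Running `acmeVersion` over the directory document of the configured `server` URL before creating an Issuer shows whether the endpoint matches the protocol version the installed controller speaks.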