Cert-manager: Error preparing wildcard certificate: No existing record found

Created on 13 Jun 2018  Â·  7Comments  Â·  Source: jetstack/cert-manager

I have a strange problem with cert manager v3.0

I have 2 wildcard certificates, and I'm creating both of them in 2 namespaces, default and kube-system

We'll call the certificates *.example.com and *.sub.example.com.

*.example.com was successfully requested in both namespaces. *.sub.example.com was successfully created in kube-system, but not default.

The error message in the cert-manager logs is:

I0613 15:33:26.896022       1 sync.go:239] Preparing certificate default/sub-example-wildcard with issuer
I0613 15:33:26.896034       1 acme.go:159] getting private key (letsencrypt-prod->tls.key) for acme issuer kube-system/letsencrypt-prod
I0613 15:33:26.896354       1 logger.go:27] Calling GetOrder
I0613 15:33:27.015610       1 logger.go:52] Calling GetAuthorization
I0613 15:33:27.092915       1 logger.go:77] Calling DNS01ChallengeRecord
I0613 15:33:27.092947       1 prepare.go:263] Cleaning up old/expired challenges for Certificate default/sub-example-wildcard
I0613 15:33:27.092961       1 logger.go:47] Calling GetChallenge
I0613 15:33:27.163112       1 dns.go:78] Checking DNS propagation for "sub.example.com" using name servers: [100.64.0.10:53]
I0613 15:33:27.179470       1 helpers.go:162] Found status change for Certificate "sub-example-wildcard" condition "Ready": "False" -> "False"; setting lastTransitionTime to 2018-06-13 15:33:27.17946188 +0000 UTC m=+578.140111811
I0613 15:33:27.179494       1 sync.go:241] Error preparing issuer for certificate default/sub-example-wildcard: Could not determine the zone: Could not find the start of authority
areacme kinbug
Source
picture frankh

All 7 comments

582 recently merged, which I know has fixed errors like yours for a number of users.

Could you try the :canary docker image tag and report back here?

munnerz picture munnerz on 15 Jun 2018
👍1

I'm now getting another error: due to error processing: No existing record found

frankh picture frankh on 15 Jun 2018

I'm still having this issue with cert manager 0.4.1:

I0821 08:42:30.221243       1 controller.go:181] certificates controller: syncing item 'kube-system/subdomain-wildcard'
I0821 08:42:30.221461       1 sync.go:280] Preparing certificate kube-system/subdomain-wildcard with issuer
I0821 08:42:30.221473       1 acme.go:169] getting private key (letsencrypt-prod->tls.key) for acme issuer kube-system/letsencrypt-prod
I0821 08:42:30.221767       1 prepare.go:247] Cleaning up previous order for certificate kube-system/subdomain-wildcard
I0821 08:42:30.221775       1 prepare.go:263] Cleaning up old/expired challenges for Certificate kube-system/subdomain-wildcard
I0821 08:42:30.221778       1 prepare.go:287] Cleaning up challenge for domain "subdomain.example.com" as part of Certificate kube-system/subdomain-wildcard
I0821 08:42:30.534332       1 sync.go:282] Error preparing issuer for certificate kube-system/subdomain-wildcard: No existing record found
I0821 08:42:30.534544       1 sync.go:174] Certificate kube-system/subdomain-wildcard scheduled for renewal in -211 hours
frankh picture frankh on 21 Aug 2018

I believe I've found the issue and I've made a PR: https://github.com/jetstack/cert-manager/pull/849

frankh picture frankh on 21 Aug 2018

Can this be closed now #849 has merged? 😀

On Tue, 21 Aug 2018 at 10:02, Frank Hamand notifications@github.com wrote:

I believe I've found the issue and I've made a PR: #849
https://github.com/jetstack/cert-manager/pull/849

—
You are receiving this because you commented.

Reply to this email directly, view it on GitHub
https://github.com/jetstack/cert-manager/issues/654#issuecomment-414604072,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AAMbP6b0NKk5aqwFJoVUVzCbdc0XHE8Mks5uS8yegaJpZM4Umceu
.

munnerz picture munnerz on 6 Sep 2018
👍1

Yep, the bot already closed

frankh picture frankh on 6 Sep 2018

🙄 my bad - email client was being unhelpful!

On Thu, 6 Sep 2018 at 19:00, Frank Hamand notifications@github.com wrote:

Yep, the bot already closed

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
https://github.com/jetstack/cert-manager/issues/654#issuecomment-419187077,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AAMbP-rUVhxtc-6BPZo4tG8-iEHbUZiuks5uYWK8gaJpZM4Umceu
.

munnerz picture munnerz on 6 Sep 2018
😄1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

Stono picture Stono  Â·  3Comments
howardjohn picture howardjohn  Â·  3Comments
jonathan-kosgei picture jonathan-kosgei  Â·  4Comments
caiobegotti picture caiobegotti  Â·  4Comments
r0bj picture r0bj  Â·  3Comments