Cert-manager: digitalocean dns01 invalid header field

Created on 10 May 2019 · 5 Comments · Source: jetstack/cert-manager

Bugs should be filed for issues encountered whilst operating cert-manager.
You should first attempt to resolve your issues through the community support
channels, e.g. Slack, in order to rule out individual configuration errors.
Please provide as much detail as possible.

Describe the bug:
I try to create a certificate but get an invalid field value error message in the challenge.

Expected behaviour:
The certificate should be created.

Steps to reproduce the bug:
I use a digitalocean-dns secret and a certificate manifest yaml file.

apiVersion: certmanager.k8s.io/v1alpha1
kind: Issuer
metadata:
  name: letsencrypt-staging-dns
  namespace: default
spec:
  acme:
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    email: [email protected]

    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-staging-dns

    # ACME DNS-01 provider configurations
    dns01:

      # Here we define a list of DNS-01 providers that can solve DNS challenges
      providers:

        - name: prod-dns
          digitalocean:
            tokenSecretRef:
              name: digitalocean-dns
              key: access-token

apiVersion: v1
kind: Secret
metadata:
  name: digitalocean-dns
  namespace: default
data:
  access-token: my-token-from-digitalocean

certificate-file:
apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
  name: nginx-bocap-cloud
  namespace: default
spec:
  secretName: nginx-bocap-cloud-secret
  issuerRef:
    name: letsencrypt-staging-dns
    # We can reference ClusterIssuers by changing the kind here.
    # The default value is Issuer (i.e. a locally namespaced Issuer)
    kind: Issuer
  commonName: bocap.cloud
  dnsNames:
  - bocap.cloud
  acme:
    config:
    - dns01:
        provider: prod-dns
      domains:
      - bocap.cloud

Anything else we need to know?:

Do I need to

Environment details:

  • Kubernetes version (e.g. v1.10.2): v1.9.3
  • Cloud-provider/provisioner (e.g. GKE, kops AWS, etc): on-premise
  • cert-manager version (e.g. v0.4.0): image canary
  • Install method (e.g. helm or static manifests): helm

/kind bug
I0510 10:09:55.787912 1 controller.go:198] cert-manager/controller/orders "level"=0 "msg"="syncing resource" "key"="default/nginx-bocap-cloud-2918788647"
I0510 10:09:55.787935 1 controller.go:219] cert-manager/controller/challenges "level"=0 "msg"="finished processing work item" "key"="default/nginx-bocap-cloud-2918788647-0"
I0510 10:09:55.787970 1 controller.go:213] cert-manager/controller/challenges "level"=0 "msg"="syncing resource" "key"="default/nginx-bocap-cloud-2918788647-0"
I0510 10:09:55.788082 1 sync.go:274] Need to create 0 challenges
I0510 10:09:55.788096 1 sync.go:319] Waiting for all challenges for order "nginx-bocap-cloud-2918788647" to enter 'valid' state
I0510 10:09:55.788113 1 dns.go:101] Presenting DNS01 challenge for domain "bocap.cloud"
I0510 10:09:55.788121 1 controller.go:204] cert-manager/controller/orders "level"=0 "msg"="finished processing work item" "key"="default/nginx-bocap-cloud-2918788647"
E0510 10:09:55.986620 1 controller.go:215] cert-manager/controller/challenges "msg"="re-queuing item due to error processing" "error"="Post https://api.digitalocean.com/v2/domains/bocap.cloud/records: net/http: invalid header field value \"Bearer \xe7轁\xf5\xf7\xfc{\xcdZ\xe5荽\xf7\x9d9\xe9\xcd7\xdf轂{\xad9\xe7\xb7\xdcm莘\xf3\xb6\x9c\xf3\xbeuy\xb7\xb9\u007fGxs\xd6\xf6薛\xbb\" for key Authorization" "key"="default/nginx-bocap-cloud-2918788647-0"
I0510 10:09:55.986714 1 controller.go:213] cert-manager/controller/challenges "level"=0 "msg"="syncing resource" "key"="default/nginx-bocap-cloud-2918788647-0"
I0510 10:09:55.986752 1 controller.go:198] cert-manager/controller/orders "level"=0 "msg"="syncing resource" "key"="default/nginx-bocap-cloud-2918788647"
I0510 10:09:55.986887 1 dns.go:101] Presenting DNS01 challenge for domain "bocap.cloud"
I0510 10:09:55.986907 1 sync.go:274] Need to create 0 challenges
I0510 10:09:55.986918 1 sync.go:319] Waiting for all challenges for order "nginx-bocap-cloud-2918788647" to enter 'valid' state
I0510 10:09:55.986942 1 controller.go:204] cert-manager/controller/orders "level"=0 "msg"="finished processing work item" "key"="default/nginx-bocap-cloud-2918788647"
E0510 10:09:55.986983 1 controller.go:215] cert-manager/controller/challenges "msg"="re-queuing item due to error processing" "error"="Post https://api.digitalocean.com/v2/domains/bocap.cloud/records: net/http: invalid header field value \"Bearer \xe7轁\xf5\xf7\xfc{\xcdZ\xe5荽\xf7\x9d9\xe9\xcd7\xdf轂{\xad9\xe7\xb7\xdcm莘\xf3\xb6\x9c\xf3\xbeuy\xb7\xb9\u007fGxs\xd6\xf6薛\xbb\" for key Authorization" "key"="default/nginx-bocap-cloud-2918788647-0"
I0510 10:10:00.986917 1 controller.go:213] cert-manager/controller/challenges "level"=0 "msg"="syncing resource" "key"="default/nginx-bocap-cloud-2918788647-0"
I0510 10:10:00.987106 1 dns.go:101] Presenting DNS01 challenge for domain "bocap.cloud"
E0510 10:10:00.987221 1 controller.go:215] cert-manager/controller/challenges "msg"="re-queuing item due to error processing" "error"="Post https://api.digitalocean.com/v2/domains/bocap.cloud/records: net/http: invalid header field value \"Bearer \xe7轁\xf5\xf7\xfc{\xcdZ\xe5荽\xf7\x9d9\xe9\xcd7\xdf轂{\xad9\xe7\xb7\xdcm莘\xf3\xb6\x9c\xf3\xbeuy\xb7\xb9\u007fGxs\xd6\xf6薛\xbb\" for key Authorization" "key"="default/nginx-bocap-cloud-2918788647-0"
I0510 10:10:20.987457 1 controller.go:213] cert-manager/controller/challenges "level"=0 "msg"="syncing resource" "key"="default/nginx-bocap-cloud-2918788647-0"
I0510 10:10:20.987695 1 dns.go:101] Presenting DNS01 challenge for domain "bocap.cloud"
E0510 10:10:20.987845 1 controller.go:215] cert-manager/controller/challenges "msg"="re-queuing item due to error processing" "error"="Post https://api.digitalocean.com/v2/domains/bocap.cloud/records: net/http: invalid header field value \"Bearer \xe7轁\xf5\xf7\xfc{\xcdZ\xe5荽\xf7\x9d9\xe9\xcd7\xdf轂{\xad9\xe7\xb7\xdcm莘\xf3\xb6\x9c\xf3\xbeuy\xb7\xb9\u007fGxs\xd6\xf6薛\xbb\" for key Authorization" "key"="default/nginx-bocap-cloud-2918788647-0"
I0510 10:11:00.988146 1 controller.go:213] cert-manager/controller/challenges "level"=0 "msg"="syncing resource" "key"="default/nginx-bocap-cloud-2918788647-0"
I0510 10:11:00.988390 1 dns.go:101] Presenting DNS01 challenge for domain "bocap.cloud"
E0510 10:11:00.988529 1 controller.go:215] cert-manager/controller/challenges "msg"="re-queuing item due to error processing" "error"="Post https://api.digitalocean.com/v2/domains/bocap.cloud/records: net/http: invalid header field value \"Bearer \xe7轁\xf5\xf7\xfc{\xcdZ\xe5荽\xf7\x9d9\xe9\xcd7\xdf轂{\xad9\xe7\xb7\xdcm莘\xf3\xb6\x9c\xf3\xbeuy\xb7\xb9\u007fGxs\xd6\xf6薛\xbb\" for key Authorization" "key"="default/nginx-bocap-cloud-2918788647-0"
I0510 10:12:20.988762 1 controller.go:213] cert-manager/controller/challenges "level"=0 "msg"="syncing resource" "key"="default/nginx-bocap-cloud-2918788647-0"
I0510 10:12:20.988943 1 dns.go:101] Presenting DNS01 challenge for domain "bocap.cloud"
E0510 10:12:20.989044 1 controller.go:215] cert-manager/controller/challenges "msg"="re-queuing item due to error processing" "error"="Post https://api.digitalocean.com/v2/domains/bocap.cloud/records: net/http: invalid header field value \"Bearer \xe7轁\xf5\xf7\xfc{\xcdZ\xe5荽\xf7\x9d9\xe9\xcd7\xdf轂{\xad9\xe7\xb7\xdcm莘\xf3\xb6\x9c\xf3\xbeuy\xb7\xb9\u007fGxs\xd6\xf6薛\xbb\" for key Authorization" "key"="default/nginx-bocap-cloud-2918788647-0"
I0510 10:15:00.989333 1 controller.go:213] cert-manager/controller/challenges "level"=0 "msg"="syncing resource" "key"="default/nginx-bocap-cloud-2918788647-0"
I0510 10:15:00.989591 1 dns.go:101] Presenting DNS01 challenge for domain "bocap.cloud"
E0510 10:15:00.989735 1 controller.go:215] cert-manager/controller/challenges "msg"="re-queuing item due to error processing" "error"="Post https://api.digitalocean.com/v2/domains/bocap.cloud/records: net/http: invalid header field value \"Bearer \xe7轁\xf5\xf7\xfc{\xcdZ\xe5荽\xf7\x9d9\xe9\xcd7\xdf轂{\xad9\xe7\xb7\xdcm莘\xf3\xb6\x9c\xf3\xbeuy\xb7\xb9\u007fGxs\xd6\xf6薛\xbb\" for key Authorization" "key"="default/nginx-bocap-cloud-2918788647-0"
I0510 10:15:41.561362 1 controller.go:213] cert-manager/controller/challenges "level"=0 "msg"="syncing resource" "key"="default/nginx-bocap-cloud-3995958575-0"
E0510 10:15:41.561412 1 controller.go:238] cert-manager/controller/challenges "msg"="challenge in work queue no longer exists" "error"="challenge.certmanager.k8s.io \"nginx-bocap-cloud-3995958575-0\" not found"
I0510 10:15:41.561426 1 controller.go:219] cert-manager/controller/challenges "level"=0 "msg"="finished processing work item" "key"="default/nginx-bocap-cloud-3995958575-0"
I0510 10:20:20.990140 1 controller.go:213] cert-manager/controller/challenges "level"=0 "msg"="syncing resource" "key"="default/nginx-bocap-cloud-2918788647-0"
I0510 10:20:20.990388 1 dns.go:101] Presenting DNS01 challenge for domain "bocap.cloud"
E0510 10:20:20.990523 1 controller.go:215] cert-manager/controller/challenges "msg"="re-queuing item due to error processing" "error"="Post https://api.digitalocean.com/v2/domains/bocap.cloud/records: net/http: invalid header field value \"Bearer \xe7轁\xf5\xf7\xfc{\xcdZ\xe5荽\xf7\x9d9\xe9\xcd7\xdf轂{\xad9\xe7\xb7\xdcm莘\xf3\xb6\x9c\xf3\xbeuy\xb7\xb9\u007fGxs\xd6\xf6薛\xbb\" for key Authorization" "key"="default/nginx-bocap-cloud-2918788647-0"

kind/bug lifecycle/rotten

All 5 comments

@bjin01 you have to encode your secret in base64 as described in the k8s docs ... we just went through the same issue

Hope this helps
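
Why a raw token under `data:` ends up as the header error in the log above, shown as an added Go example that is not part of the original thread or of cert-manager's code: a 64-character hex string is itself valid base64, so it decodes without error into 48 binary bytes, and net/http refuses to send them in a header. `sampleToken`, the helper names and the `api.example.invalid` host are assumptions made for the illustration.

```go
package main

import (
	"context"
	"encoding/base64"
	"errors"
	"fmt"
	"net"
	"net/http"
)

// Constructed 64-character hex placeholder, not a real credential.
const sampleToken = "f3a9c1d27b48e6055d9e2c7a41b8f06374c2e91a5b8d3f60a7e4192c6d05b3f8"

// encodeForData returns the form a value must take under a Secret's `data:` key.
func encodeForData(token string) string {
	return base64.StdEncoding.EncodeToString([]byte(token))
}

// mountedValue mimics what a client reading the Secret receives: the bytes
// obtained by base64-decoding whatever was written under `data:`.
func mountedValue(dataField string) ([]byte, error) {
	return base64.StdEncoding.DecodeString(dataField)
}

// headerAccepted reports whether net/http's Transport accepts the token in an
// Authorization header. The dialer is stubbed so nothing touches the network:
// reaching it means header validation passed.
func headerAccepted(token []byte) bool {
	dialed := false
	tr := &http.Transport{DialContext: func(context.Context, string, string) (net.Conn, error) {
		dialed = true
		return nil, errors.New("offline example: dial blocked")
	}}
	// api.example.invalid is a placeholder host (assumption), never resolved.
	req, err := http.NewRequest(http.MethodPost, "http://api.example.invalid/records", nil)
	if err != nil {
		return false
	}
	req.Header.Set("Authorization", "Bearer "+string(token))
	_, _ = tr.RoundTrip(req)
	return dialed
}

func main() {
	raw, err := mountedValue(sampleToken) // raw token under data:, as in the issue
	fmt.Printf("raw under data:    decodeErr=%v bytes=%d accepted=%v\n", err, len(raw), headerAccepted(raw))
	ok, err := mountedValue(encodeForData(sampleToken)) // base64-encoded first
	fmt.Printf("base64 under data: decodeErr=%v bytes=%d accepted=%v\n", err, len(ok), headerAccepted(ok))
}
```

Writing the token under `stringData:` instead of `data:` lets the API server do the encoding, which avoids the mistake entirely.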

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close.
Send feedback to jetstack.
/lifecycle stale

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.
If this issue is safe to close now please do so with /close.
Send feedback to jetstack.
/lifecycle rotten
/remove-lifecycle stale

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.
Send feedback to jetstack.
/close

@retest-bot: Closing this issue.
