I am using cert-manager in my Kubernetes cluster and have used this config to set it up: https://github.com/jetstack/cert-manager/releases/download/v0.10.1/cert-manager.yaml.
After having applied a ClusterIssuer and a Certificate, I see a TXT record created in Route53, but the certificate never gets issued.
I've tried adding "--dns01-recursive-nameservers-only" to the config's args in the cert-manager deployment.

ClusterIssuer:

apiVersion: certmanager.k8s.io/v1alpha1
kind: ClusterIssuer
metadata:
  name: vault-prod-letsencrypt
  annotations:
    iam.amazonaws.com/role: [ROLE-ARN]
spec:
  acme:
    # The ACME server URL
    server: https://acme-v02.api.letsencrypt.org/directory
    # Email address used for ACME registration
    email: [EMAIL]
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: production-letsencrypt
    dns01:
      providers:
      - name: route53
        route53:
          region: us-east-1
          role: [ROLE-ARN]
          hostedZoneID: [HOSTED ZONE ID]

Certificate:

apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
  name: vault-prod-tls
  namespace: production
  annotations:
    iam.amazonaws.com/role: [ROLE-ARN]
spec:
  secretName: vault-prod-tls
  dnsNames:
  - "*.domain.com"
  issuerRef:
    name: vault-prod-letsencrypt
    kind: ClusterIssuer
  acme:
    config:
    - dns01:
        provider: route53
        hostedZoneName: domain.com
      domains:
      - "*.domain.com"

I expect to see the Certificate no longer in a Pending state. But instead in the cert-manager pod's logs, I see “DNS Record for ___ not yet propagated”.
@rfarine why did you close the issue? Have you found the root of the problem or a solution?