Hello,
I first noticed this with the Docker GitLab runner. It couldn't reach docker.io, giving the same error. Now cert-manager cannot refresh my certificates. The error is below.
The error simply is:
E1022 17:33:58.843638 1 controller.go:131] cert-manager/controller/orders "msg"="re-queuing item due to error processing" "error"="error creating new order: Get https://acme-v02.api.letsencrypt.org/directory: x509: certificate is valid for NGINXIngressController, not acme-v02.api.letsencrypt.org" "key"="gitlab/git-cert-1197334735-497646583"
More
I1022 17:33:58.609536 1 controller.go:129] cert-manager/controller/orders "level"=0 "msg"="syncing item" "key"="gitlab/git-cert-1197334735-497646583"
I1022 17:33:58.609727 1 sync.go:77] cert-manager/controller/orders "level"=0 "msg"="Creating new ACME order as status.url is not set" "resource_kind"="Order" "resource_name"="git-cert-1197334735-497646583" "resource_namespace"="gitlab"
I1022 17:33:58.609747 1 sync.go:167] cert-manager/controller/orders "level"=0 "msg"="order URL not set, submitting Order to ACME server" "resource_kind"="Order" "resource_name"="git-cert-1197334735-497646583" "resource_namespace"="gitlab"
I1022 17:33:58.609764 1 sync.go:173] cert-manager/controller/orders "level"=0 "msg"="build set of domains for Order" "resource_kind"="Order" "resource_name"="git-cert-1197334735-497646583" "resource_namespace"="gitlab" "domains"=["git.terrainserver.com"]
I1022 17:33:58.609772 1 logger.go:38] Calling CreateOrder
E1022 17:33:58.843638 1 controller.go:131] cert-manager/controller/orders "msg"="re-queuing item due to error processing" "error"="error creating new order: Get https://acme-v02.api.letsencrypt.org/directory: x509: certificate is valid for NGINXIngressController, not acme-v02.api.letsencrypt.org" "key"="gitlab/git-cert-1197334735-497646583"
Nginx Ingress is somehow intercepting outgoing requests and replacing the remote certificate with the local one. When an app is behind Nginx Ingress and requests a remote address over HTTPS (like https://acme.letsenrypt or https://docker.io), nginx is intercepting and the response is returned with the default ingress SSL certificate. It is resulting in the error
Get https://acme-v02.api.letsencrypt.org/directory: x509: certificate is valid for ingress.local, not acme-v02.api.letsencrypt.org
Can someone tell me how to fix this?
The error is related to wildcard DNS redirecting. Closing.
@Nymria I'm getting the exact same error and I'm also using wildcard DNS with my main domain. How did you solve it? How is it related to DNS wildcard records?
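One way a wildcard record can produce this symptom, as an added example that is not part of the thread or of cert-manager: it assumes the pod's resolv.conf lists a search domain covered by a wildcard record that points at the ingress, and it models glibc-style search-list ordering. The resolv.conf contents, `example.com` and all function names are constructed for illustration.

```python
# Constructed sample: a Kubernetes-style pod resolv.conf whose last search
# domain (example.com) is assumed to carry a "*.example.com" wildcard record.
SAMPLE_RESOLV_CONF = """\
nameserver 10.96.0.10
search gitlab.svc.cluster.local svc.cluster.local cluster.local example.com
options ndots:5
"""

def parse_resolv_conf(text):
    """Return (search_domains, ndots) parsed from resolv.conf text."""
    search, ndots = [], 1  # resolver default is ndots:1
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        if fields[0] == "search":
            search = [d.rstrip(".") for d in fields[1:]]
        elif fields[0] == "options":
            for opt in fields[1:]:
                if opt.startswith("ndots:"):
                    ndots = int(opt.split(":", 1)[1])
    return search, ndots

def candidates(name, search, ndots):
    """Names the resolver tries, in order (glibc-style behaviour)."""
    if name.endswith("."):              # fully qualified: no search list
        return [name.rstrip(".")]
    expanded = [f"{name}.{d}" for d in search]
    if name.count(".") >= ndots:        # enough dots: try the name itself first
        return [name] + expanded
    return expanded + [name]            # too few dots: search list first

def first_wildcard_hit(name, resolv_conf, wildcard_zone):
    """Return the expanded name a '*.<wildcard_zone>' record would answer
    before the real name is ever queried, or None if the real name wins.
    Simplification: any name under the zone is treated as a wildcard match."""
    search, ndots = parse_resolv_conf(resolv_conf)
    zone = wildcard_zone.rstrip(".")
    for cand in candidates(name, search, ndots):
        if cand == name.rstrip("."):
            return None                 # real name reached first
        if cand.endswith("." + zone):
            return cand                 # wildcard answers with its own IP
    return None

if __name__ == "__main__":
    host = "acme-v02.api.letsencrypt.org"
    print(first_wildcard_hit(host, SAMPLE_RESOLV_CONF, "example.com"))
    print(first_wildcard_hit(host + ".", SAMPLE_RESOLV_CONF, "example.com"))
```

Comparing the answer for the bare hostname with the answer for the same name with a trailing dot, from inside the affected pod, shows whether the search list is involved.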