Kubernetes: unknown record ID for '_acme-challenge.example.org.'
Tags: kubernetes, kubernetes-helm, traefik, azure-aks
I'm facing an issue using the stable/traefik Helm chart. The DNS record for traefik.example.org (the dashboard) is working, but my Let's Encrypt certificate is not valid. I'm using DNS-01 for the challenge. Here is my values.yml:
ssl:
  enabled: true
  enforced: true
acme:
  enabled: true
  challengeType: "dns-01"
  dnsProvider:
    name: ovh
    existingSecretName: ""
    ovh:
      OVH_ENDPOINT: "ovh-eu"
      OVH_APPLICATION_KEY: "<key>"
      OVH_APPLICATION_SECRET: "<secret-key>"
      OVH_CONSUMER_KEY: "<consumer-key>"
  email: contact@example.org
  onHostRule: true
  staging: true
  logging: true
  # Configure a Let's Encrypt certificate to be managed by default.
  # This is the only way to request wildcard certificates (works only with dns challenge).
  domains:
    enabled: true
    # List of sets of main and (optional) SANs to generate for
    # for wildcard certificates see https://docs.traefik.io/configuration/acme/#wildcard-domains
    domainsList:
      - main: "*.example.org"
      - sans:
        - "example.org"
Then these logs repeat forever:
{"level":"debug","msg":"Skipping Kubernetes event kind *v1.Secret","time":"2019-04-21T12:52:09Z"}
{"level":"debug","msg":"Received Kubernetes event kind *v1.Secret","time":"2019-04-21T12:52:09Z"}
{"level":"error","msg":"Service not found for kube-system/traefik-web-ui","time":"2019-04-21T12:52:34Z"}
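There is this warning, but I'm not sure what I should do about it.
{"level":"info","msg":"legolog: [WARN] [example.org] acme: error cleaning: ovh: unknown record ID for '_acme-challenge.example.org.'","time":"2019-04-21T12:52:30Z"}
What am I missing?
Edit:
I tried without using any wildcard, and it is the same issue. As stated in the comments, the Let's Encrypt endpoint was configured as staging.
acme:
  staging: false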
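I have never used Traefik to issue certificates (we use cert-manager + external-dns for that), but I'm pretty sure that for wildcard certificates you need to go to another LE endpoint:

@VasilyAngapov, I tried without using any wildcard, same issue.

You are using LE's staging endpoint (Fake LE Intermediate X1). Staging does not provide valid certificates, because it is staging. You must use the production endpoint (ca).
acme:
  staging: false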
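
The last reply attributes the invalid certificate to the staging endpoint, whose issuer is Fake LE Intermediate X1. As an added example (not part of the original posts), this script classifies the issuer of the certificate a host serves, so a staging or fallback certificate is caught before clients see it. The function names and the "(STAGING)" and "TRAEFIK DEFAULT CERT" patterns are assumptions not taken from the page.

```shell
#!/bin/sh
# Added example, not code from the original question or answers.

# Print the issuer of the leaf certificate served for a host name.
# $1 = host, $2 = port (default 443). -servername sends SNI so Traefik
# selects the certificate that matches that host rule.
served_issuer() {
  openssl s_client -connect "$1:${2:-443}" -servername "$1" </dev/null 2>/dev/null |
    openssl x509 -noout -issuer 2>/dev/null
}

# Map an issuer line to: staging | traefik-default | production | unknown.
classify_issuer() {
  case "$1" in
    # "Fake LE Intermediate X1" is the issuer named on this page. The
    # "(STAGING)" prefix is the naming of newer staging issuers
    # (assumption beyond the page). Checked first, because staging
    # issuers can also contain the words "Let's Encrypt".
    *"Fake LE"* | *"(STAGING)"*) echo staging ;;
    # Traefik's built-in self-signed fallback certificate, served when no
    # ACME certificate is available (assumption beyond the page).
    *"TRAEFIK DEFAULT CERT"*) echo traefik-default ;;
    *"Let's Encrypt"*) echo production ;;
    *) echo unknown ;;
  esac
}

# Exit status 0 only when the issuer is the production Let's Encrypt CA.
issuer_is_trusted_le() {
  kind=$(classify_issuer "$1")
  [ "$kind" = production ] || {
    echo "not a production certificate: $kind ($1)" >&2
    return 1
  }
}

# Usage: sh check_issuer.sh traefik.example.org [port]
if [ -n "${1:-}" ]; then
  issuer_is_trusted_le "$(served_issuer "$1" "${2:-}")"
fi
```

After switching to `staging: false`, an issuer that still classifies as staging means Traefik is serving the certificate it stored earlier from the staging run.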