堆栈内存溢出
  简体   繁体   English

Kubernetes Cert-Manager 无法让 http01 ACME challange 工作

[英]Kubernetes Cert-Manager can't get http01 ACME challange to work

 原文  2020-05-21 07:19:11       asp.net-core/ kubernetes/ lets-encrypt/ azure-aks/ cert-manager

问题描述

Hello I m struggling to get the Cert-Manager work with let'sencrypt on my Azure AKS to secure and asp.net core web app.您好,我正在努力让 Cert-Manager 与我的 Azure AKS 上的 let'sencrypt 一起工作,以保护和 asp.net 核心 web 应用程序。

I have a ClusterIssuer like that:我有一个这样的 ClusterIssuer:

apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
  name: letsencryptstaging-issuer
spec:
  acme:
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    email: letsencryptstaging@prodibi.com
    privateKeySecretRef:
      name: letsencryptstaging-secret
    solvers:
    - http01:
        ingress:
          class: nginx

and I request a certificate like that:我要求这样的证书:

apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
  name: aks-prodibiv2-com-staging
spec:
  secretName: aks-prodibiv2-com-staging-secret
  duration: 2160h
  renewBefore: 480h
  organization:
  - prodibiv2
  dnsNames:
  - aks.prodibiv2.com
  issuerRef:
    name: letsencryptstaging-issuer
    kind: ClusterIssuer

I also have added the annotations to the ingress controller I would like to use我还将注释添加到我想使用的入口 controller

certmanager.k8s.io/acme-challenge-type: http01
certmanager.k8s.io/cluster-issuer: letsencryptstaging-issuer

In the following screenshot we can see that the certificate request is "Waiting to complete" We can see also that we have two ingress controller and the one for the challenge seems to not have an IP, and the domain is pointing to the ingress-prodibiweb在下面的屏幕截图中,我们可以看到证书请求是“等待完成”我们还可以看到我们有两个入口 controller,挑战的一个似乎没有 IP,并且域指向 ingress-prodibiweb

if I try to put the domain in front of the.well-known path I get a 404 not found error.如果我尝试将域放在.well-known 路径的前面,我会收到 404 not found 错误。

So my guess is that the cert-manager is not configured properly to use the ingress-prodibiweb (that point to asp.net core webapp) or something like that.所以我的猜测是 cert-manager 没有正确配置为使用 ingress-prodibiweb(指向 asp.net 核心 webapp)或类似的东西。 Any idea on what can I try to get it working?关于我可以尝试什么让它工作的任何想法?

证书状态和入口描述的屏幕截图

1 个解决方案

解决方案1
 1 已采纳  2020-05-22 05:55:59

  1. Your ingress ip is private.您的入口 ip 是私有的。 No way for Let's encrypt to access. Let's encrypt 无法访问。
  2. You need to make sure you are using Nginx Ingress which you are using您需要确保您使用的是您正在使用的 Nginx Ingress
    - http01:
        ingress:
          class: nginx
  1. Make sure your domain is point to right IP.确保您的域指向正确的 IP。 (Ingress IP and also a Load Balancer IP) Now is 20.50.42.93 https://mxtoolbox.com/SuperTool.aspx?action=a%3aaks.prodibiv2.com&run=toolpage (入口 IP 和负载均衡器 IP)现在是 20.50.42.93 https://mxtoolbox.com/SuperTool.aspx?action=a%3aaks.prodibiv2.com&run=toolpage

Anddns01 also a solution to request SSL.dns01也是请求SSL的解决方案。 You can give it a try if you have enough permissions.如果您有足够的权限,可以尝试一下。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 无法让 HTTP PUT 请求在 ASP.NET Core 中工作 - Can't get HTTP PUT request to work in ASP.NET Core 无法使SSL与MassTransit和cloudamqp一起使用 - Can't get SSL to work with MassTransit and cloudamqp 无法在 post 方法上进行验证 - Can't get validation to work on post method 形式 Http POST 不起作用,只能在 asp core mvc 中工作 - the form Http POST doesn't work, only Get work in asp core mvc 无法使 razor 运行时编译工作 - can't get razor runtime compilation to work http.get响应对象 - 无法访问json()? - http.get Response object - can't access json()? 无法使Tag Helper在.NET Core 2.1中工作 - Can't get Tag Helpers to work in .NET Core 2.1 无法让 IIS Express 和 .Less 文件工作 - Can't get IIS Express and .Less Files to work 无法让 Blazor WASM AAD 应用角色工作 - Can't Get Blazor WASM AAD App Roles To Work Angular使用Http请求不起作用 - Angular using Http request doesn't work
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM