cert-manager:让我们加密拒绝 ACME 帐户
[英]cert-manager: let's encrypt refuses ACME account
问题描述
I followed the cert-manager tutorial to enable tls in my k3s cluster .
我按照cert-manager 教程在我的k3s 集群中启用了 tls。 So I modified the letsencrypt-staging issuer file to look like this:所以我修改了letsencrypt-staging issuer文件,如下所示:
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-staging
spec:
acme:
# The ACME server URL
server: https://acme-staging-v02.api.letsencrypt.org/directory
# Email address used for ACME registration
email: mail@example.com
# Name of a secret used to store the ACME account private key
privateKeySecretRef:
name: letsencrypt-staging
# Enable the HTTP-01 challenge provider
solvers:
- http01:
ingress:
class: traefik
but when I deploy it, I get the error Failed to verify ACME account: Get "https://acme-staging-v02.api.letsencrypt.org/directory": read tcp 10.42.0.96:45732->172.65.46.172:443: read: connection reset by peer .但是当我部署它时,我收到错误Failed to verify ACME account: Get "https://acme-staging-v02.api.letsencrypt.org/directory": read tcp 10.42.0.96:45732->172.65.46.172:443: read: connection reset by peer 。 But thats only with the staging clusterIssuer.但这仅适用于 staging clusterIssuer。 The production example from te tutorial works flawlessly. te教程中的生产示例完美无缺。 I resacherd this error and it seems to be somthing with the kubernetes dns but I don't know how to test the dns or any other way to figure this error out.我重新发现了这个错误,它似乎与 kubernetes dns 有关,但我不知道如何测试 dns 或任何其他方法来解决这个错误。
Tested the kubernetes DNS and it is up and running, so it must be an error with cert-manager,especially because the prod certificates status says `Ready=True测试了 kubernetes DNS 并且它已启动并正在运行,所以它一定是 cert-manager 的错误,特别是因为prod证书状态显示 `Ready=True
1 个解决方案
解决方案1
1 已采纳 2021-02-05 10:12:33
So it seems like I ran into a let's encrypt limit.所以看起来我遇到了让我们加密的限制。 After waiting for a day, the certificate now works等了一天,证书现在可以用了
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.