cert manager is failing with Waiting for dns-01 challenge propagation: Could not determine authoritative nameservers
I have created cert-manager on aks-engine using below command kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v0.12.0/cert-manager.yaml
my certificate spec
issuer spec
Im using nginx as ingress, I could see txt record in the azure dns zone created my azuredns service principle, but not sure what is the issue on nameservers
I ran into the same error... I suspect that it's because I'm using a mix of private and public Azure DNS entries and the record needs to get added to the public entry so letsencrypt can see it, however, cert-manager performs a check that the TXT record is visible before asking letsencrypt to perform the validation... I assume that the default DNS records cert-manager looks at is the private one, and because there's no TXT record there, it gets stuck on this error.
The way around it, as described on cert-manager.io is to override the default DNS using extraArgs (I'm doing this with terraform and helm):
resource "helm_release" "cert_manager" {
name = "cert-manager"
repository = "https://charts.jetstack.io"
chart = "cert-manager"
set {
name = "installCRDs"
value = "true"
}
set {
name = "extraArgs"
value = "{--dns01-recursive-nameservers-only,--dns01-recursive-nameservers=8.8.8.8:53\\,1.1.1.1:53}"
}
}
- nginx: what is nodelay in http request limit module?
- Blazor WASM styling missing when hosted in docker using nginx
- Nginx prepends response data with post request body content from its' buffer?
- vue-router, nginx and direct link
- Nestjs doesn't handle request from nginx proxy_pass using docker-compose
- nginx redirection to index page
- Angular Production Build -> no output / 502 Error with nginx
- Symfony app in docker swarm mode with multiple replicas, session problem?
- nginx configuration is deemed incomplete yet identical to other installation
- 400 Bad Request - request header or cookie too large
- Why is a web server (i.e Nginx) REQUIRED for FastAPI but not Express API?
- How to host a Flask app on a subfolder / URL prefix with Nginx?
- Nginx location priority
- nginx conf file: Detect if browser language is "de", then redirect to page .... else redirect to other page
- Nginx Reverse Proxy: Throwing 502 Bad Gateway
- Livewire image upload fails on production server
- nginx SSL no start line: expecting: TRUSTED CERTIFICATE
- Are you trying to mount a directory onto a file (or vice-versa)?
- SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
- nginx the "ssl" directive is deprecated, use the "listen ... ssl"
- CORS issue with NGinx and fetch react native
- Problem installing Issuer (cert-manager) inside GKE cluster tls: failed to verify certificate: x509: certificate signed by unknown authority
- Reverse proxy with keepalive and re-resolve DNS according to TTL in nginx
- How to get nginx logs to display in prometheus?
- The POST request body as part of the cache key in NGINX caching is not working as expected
- Adding a Flask Authentication layer infront of Juptyer
- How to serve Vite development server behind an Nginx reverse proxy
- Configuring HTTPS for Express and Nginx
- PHP-FPM its anatomy
- Kong blocks all IPs when rate-limiting plugin is added