Fix ZeroSSL configuration
A ZeroSSL configuration for CI was merged into main, but it doesn't work yet. Here are the relevant cert-manager logs:
I1129 15:36:11.952016 1 setup.go:111] cert-manager/controller/clusterissuers "msg"="generating acme account private key" "related_resource_kind"="Secret" "related_resource_name"="zerossl-prod" "related_resource_namespace"="cert-manager" "resource_kind"="ClusterIssuer" "resource_name"="zerossl-issuer" "resource_namespace"="" "resource_version"="v1"
I1129 15:36:12.839796 1 setup.go:219] cert-manager/controller/clusterissuers "msg"="ACME server URL host and ACME private key registration host differ. Re-checking ACME account registration" "related_resource_kind"="Secret" "related_resource_name"="zerossl-prod" "related_resource_namespace"="cert-manager" "resource_kind"="ClusterIssuer" "resource_name"="zerossl-issuer" "resource_namespace"="" "resource_version"="v1"
E1129 15:36:13.022144 1 setup.go:259] cert-manager/controller/clusterissuers "msg"="failed to register an ACME account" "error"="504 : <html>\r\n<head><title>504 Gateway Time-out</title></head>\r\n<body>\r\n<center><h1>504 Gateway Time-out</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n" "related_resource_kind"="Secret" "related_resource_name"="zerossl-prod" "related_resource_namespace"="cert-manager" "resource_kind"="ClusterIssuer" "resource_name"="zerossl-issuer" "resource_namespace"="" "resource_version"="v1"
I1129 15:36:13.022238 1 conditions.go:95] Setting lastTransitionTime for Issuer "zerossl-issuer" condition "Ready" to 2021-11-29 15:36:13.022231136 +0000 UTC m=+20.585108328
E1129 15:36:13.022346 1 sync.go:60] cert-manager/controller/clusterissuers "msg"="error setting up issuer" "error"="504 : <html>\r\n<head><title>504 Gateway Time-out</title></head>\r\n<body>\r\n<center><h1>504 Gateway Time-out</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n" "resource_kind"="ClusterIssuer" "resource_name"="zerossl-issuer" "resource_namespace"="" "resource_version"="v1"
E1129 15:36:13.037779 1 controller.go:163] cert-manager/controller/clusterissuers "msg"="re-queuing item due to error processing" "error"="504 : <html>\r\n<head><title>504 Gateway Time-out</title></head>\r\n<body>\r\n<center><h1>504 Gateway Time-out</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n" "key"="zerossl-issuer"
and kubectl describe clusterissuer zerossl:
Name: zerossl-issuer
Namespace:
Labels: <none>
Annotations: <none>
API Version: cert-manager.io/v1
Kind: ClusterIssuer
Metadata:
  Creation Timestamp: 2021-11-29T15:36:11Z
  Generation: 1
  Managed Fields:
    API Version: cert-manager.io/v1
    Fields Type: FieldsV1
    fieldsV1:
      f:metadata:
        f:annotations:
          .:
          f:kubectl.kubernetes.io/last-applied-configuration:
      f:spec:
        .:
        f:acme:
          .:
          f:externalAccountBinding:
            .:
            f:keyAlgorithm:
            f:keyID:
            f:keySecretRef:
              .:
              f:key:
              f:name:
          f:privateKeySecretRef:
            .:
            f:name:
          f:server:
          f:solvers:
    Manager: kubectl-client-side-apply
    Operation: Update
    Time: 2021-11-29T15:36:11Z
    API Version: cert-manager.io/v1
    Fields Type: FieldsV1
    fieldsV1:
      f:status:
        .:
        f:acme:
        f:conditions:
    Manager: controller
    Operation: Update
    Time: 2021-11-29T15:36:13Z
  Resource Version: 1482
  UID: 2c9201d6-cdef-4086-a9c8-10a0fc0a6301
Spec:
  Acme:
    External Account Binding:
      Key Algorithm: HS256
      Key ID: YEH34ghtuI35FgvA7skVWw
      Key Secret Ref:
        Key: secret
        Name: zerossl-eabsecret
    Preferred Chain:
    Private Key Secret Ref:
      Name: zerossl-prod
    Server: https://acme.zerossl.com/v2/DV90
    Solvers:
      http01:
        Ingress:
          Class: nginx
Status:
  Acme:
  Conditions:
    Last Transition Time: 2021-11-29T15:36:13Z
    Message: Failed to register ACME account: 400 urn:ietf:params:acme:error:malformed: [External Account Binding] The account is not awaiting external account binding
    Observed Generation: 1
    Reason: ErrRegisterACMEAccount
    Status: False
    Type: Ready
Events:
  Type     Reason         Age                From          Message
  ----     ------         ----               ----          -------
  Warning  ErrInitIssuer  22m (x3 over 22m)  cert-manager  Error initializing issuer: 504 : <html>
<head><title>504 Gateway Time-out</title></head>
<body>
<center><h1>504 Gateway Time-out</h1></center>
<hr><center>nginx</center>
</body>
</html>
Edited by Maarten de Waard