
@torsten-online
Created January 23, 2025 23:10
Cert-Manager DNS Resolving issue at Rancher Kubernetes Management Environment

How to fix a regularly occurring DNS issue when using cert-manager and Rancher

It can sometimes happen that the Issuer or ClusterIssuer cannot be registered for the DNS01 / Cloudflare challenge.

Have you already seen this strange error message?

Get "https://acme-v02.api.letsencrypt.org/directory": tls: failed to verify certificate: x509: certificate is valid for ingress.local, not acme-v02.api.letsencrypt.org

Confused? I think you would be really confused, and maybe you think that there is a DNS issue in your cluster...

I fixed the problem by reading the docs and specifying the DNS servers directly in my cert-manager deployment!

The stupid fix is available here:

The Helm setting extraArgs needs to be used:

--set 'extraArgs={--dns01-recursive-nameservers-only,--dns01-recursive-nameservers=8.8.8.8:53\,1.1.1.1:53}'

Full deployment of cert-manager with Helm:

helm upgrade cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --set crds.enabled=true --set 'extraArgs={--dns01-recursive-nameservers-only,--dns01-recursive-nameservers=8.8.8.8:53\,1.1.1.1:53}'
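
To confirm after the upgrade that the controller really runs with both flags, here is an added check (not part of the original gist). It also catches the case where the comma in --set was not escaped with `\,` and Helm split the nameserver list into a stray argument. The function name, the exit codes and the deployment name `cert-manager` in the comment are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the gist): check the cert-manager controller args.
# Feed it one argument per line, e.g. (deployment name "cert-manager" is assumed):
#   kubectl -n cert-manager get deploy cert-manager \
#     -o jsonpath='{range .spec.template.spec.containers[0].args[*]}{@}{"\n"}{end}' \
#     | check_dns01_args
#
# Exit status: 0 = both flags present and well formed
#              1 = a flag is missing
#              2 = nameserver list malformed or split into a stray argument
check_dns01_args() (            # subshell body keeps the variables local
  only=0; servers=""; stray=0
  while IFS= read -r arg; do
    case "$arg" in
      --dns01-recursive-nameservers-only) only=1 ;;
      --dns01-recursive-nameservers=*)    servers=${arg#*=} ;;
      --*|"") ;;                # other controller flags, blank lines
      *) stray=1 ;;             # bare value such as "1.1.1.1:53"
    esac
  done
  [ "$only" -eq 1 ] && [ -n "$servers" ] || exit 1
  [ "$stray" -eq 0 ] || exit 2
  IFS=,; set -f                 # split the list on commas, no globbing
  for entry in $servers; do     # the gist uses host:port entries
    host=${entry%:*}; port=${entry##*:}
    case "$entry" in *:*) ;; *) exit 2 ;; esac
    case "$port" in ""|*[!0-9]*) exit 2 ;; esac
    [ -n "$host" ] || exit 2
  done
  exit 0
)

# Constructed sample inputs (not captured from a real cluster).
SAMPLE_GOOD='--v=2
--cluster-resource-namespace=$(POD_NAMESPACE)
--dns01-recursive-nameservers-only
--dns01-recursive-nameservers=8.8.8.8:53,1.1.1.1:53'

# What the args look like when the comma in --set is not escaped:
SAMPLE_SPLIT='--v=2
--dns01-recursive-nameservers-only
--dns01-recursive-nameservers=8.8.8.8:53
1.1.1.1:53'
```
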

What's important to know

I recommend reading the cert-manager docs! :-)

DNS is checked first, before the DNS01 challenge is performed: Cert-Manager-Docs-DNS01

Have a lot of fun with cert-manager and Rancher
