我的letsencrypt 订单一直处于待处理状态。我在我的单节点 kubernetes 平面上使用 cert-manager。我也在使用letsencrypt。
kind: Certificate
metadata:
name: example-zone
namespace: default
spec:
secretName: example-zone-tls
renewBefore: 360h # 15d
commonName: example.zone
dnsNames:
- example.zone
issuerRef:
name: letsencrypt-prod
kind: ClusterIssuer
输出:
pascal$ kubectl get cert,order
NAME READY SECRET AGE
certificate.certmanager.k8s.io/example-zone False example-zone-tls 79m
NAME STATE AGE
order.certmanager.k8s.io/example-zone-2971070786 pending 77m
收到的事件:
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Warning NoMatchingSolver 15s cert-manager Failed to create challenge for domain "example.zone": no configured challenge solvers can be used for this challenge
应该颁发证书,但我认为它挂在我的 haproxy 中。没有错误,我不完全知道如何使用 haproxy 来暴露 acme 挑战,有人可以解释一下吗?
我的集群发行者:
pascal$ kubectl describe clusterissuer letsencrypt-prod
Name: letsencrypt-prod
Namespace: # yep, it's empty!?
Labels: <none>
API Version: certmanager.k8s.io/v1alpha1
Kind: ClusterIssuer
Spec:
Acme:
Email: <my-real-mail>
Http 01:
Ingress Class: haproxy
Private Key Secret Ref:
Name: letsencrypt-prod
Server: https://acme-v02.api.letsencrypt.org/directory
Status:
Acme:
Last Registered Email: <my-real-mail>
Uri: https://acme-v02.api.letsencrypt.org/acme/acct/<hash>
Conditions:
Last Transition Time: 2019-08-17T11:49:05Z
Message: The ACME account was registered with the ACME server
Reason: ACMEAccountRegistered
Status: True
Type: Ready
Events: <none>