first try to generate cert always fail #4

Open
sherlant opened this issue Apr 25, 2024 · 24 comments
Comments

@sherlant

sherlant commented Apr 25, 2024

Hi,

When I use cert-manager-webhook-gandi to create a cert, the first try always fails. And when I use the cert-manager CLI to force renew the certificate, this is OK.

I see that the first challenge is OK, but the second fails the first time with the message:
'Error accepting authorization: acme: authorization error for test2.my-domain.io: 403 urn:ietf:params:acme:error:unauthorized: During secondary validation: Incorrect TXT record "XXXXXXXXXX" found at _acme-challenge.test2.my-domain.io''

I don't understand. I don't have another 403 error when I submit the same cert with the CLI, just after the first try.

I don't see anything in the logs.

Can you please help me?

@HND-dev

HND-dev commented Nov 26, 2024

I had the same behaviour, any update?

@goldyfruit

I'm getting something very similar.

cert-manager-5b94cc459d-lg8pg cert-manager-controller E1128 17:41:21.927352       1 controller.go:157] "re-queuing item due to error processing" err="unable to create TXT record: failed creating TXT record: <nil>" logger="cert-manager.controller"

@goldyfruit

goldyfruit commented Nov 28, 2024

Tried with a new token and I got the same error as @sherlant

cert-manager-5b94cc459d-lg8pg cert-manager-controller E1128 17:57:05.529771       1 controller.go:157] "re-queuing item due to error processing" err="unable to check TXT record: unexpected HTTP status: 403" logger="cert-manager.controller"
  Type     Reason        Age                    From                     Message
  ----     ------        ----                   ----                     -------
  Normal   Started       4m46s                  cert-manager-challenges  Challenge scheduled for processing
  Warning  PresentError  2m18s (x6 over 4m45s)  cert-manager-challenges  Error presenting challenge: unable to check TXT record: unexpected HTTP status: 403

@goldyfruit

goldyfruit commented Nov 28, 2024

I think the issue might be related to the "API Key" vs PAT.

image

"API Key":

cert-manager-5b94cc459d-lg8pg cert-manager-controller E1128 17:41:21.927352       1 controller.go:157] "re-queuing item due to error processing" err="unable to create TXT record: failed creating TXT record: <nil>" logger="cert-manager.controller"

PAT:

cert-manager-5b94cc459d-lg8pg cert-manager-controller E1128 17:57:05.529771       1 controller.go:157] "re-queuing item due to error processing" err="unable to check TXT record: unexpected HTTP status: 403" logger="cert-manager.controller"

@goldyfruit

If I use Postman or curl I don't have any 403.

@bittermandel
Contributor

Sorry for the late comment, I didn't have watch enabled on this repo and completely missed it!

We have not experienced this issue yet. We use a PAT with the following permissions:
image

Also make sure that the rootDomain field is set to the domain that the PAT is created with.

@goldyfruit

goldyfruit commented Nov 28, 2024

Thanks @bittermandel for your answer.

I created a PAT with the same permissions.

image

My ClusterIssuer looks like this:

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-gandi-prod
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: [email protected]
    privateKeySecretRef:
      name: letsencrypt-gandi-prod
    solvers:
    - dns01:
        cnameStrategy: Follow
        webhook:
          groupName: acme.molnett.net
          solverName: gandi
          config:
            rootDomain: mydomain.com
            apiKeySecretRef:
              key: api-token
              name: gandi-credentials

I'm running out of ideas.

@bittermandel
Contributor

Can you try removing the cnameStrategy field completely and see if it helps?

@goldyfruit

goldyfruit commented Nov 28, 2024

> Can you try removing the cnameStrategy field completely and see if it helps?

It changed nothing but I deleted all the cert-manager pods and I don't have the 403 anymore.

.verify TXT record is now created automatically via the Gandi API but now the cert-manager-controller pod complains about propagation...

cert-manager-5f9bb5869-6hkzz cert-manager-controller E1128 22:21:07.316593       1 sync.go:208] "propagation check failed" err="DNS record for \"app.nvdemo.XXX.XXX\" not yet propagated" logger="cert-manager.controller" resource_name="app.nvdemo-XXX-XXX-tls-1-2897186277-3531888097" resource_namespace="demo" resource_kind="Challenge" resource_version="v1" dnsName="app.nvdemo.XXX.XXX" type="DNS-01"

EDIT: I was using the original repository for years successfully.

@goldyfruit

goldyfruit commented Nov 28, 2024

_acme-challenge.app.nvdemo-XXX-XXX DNS TXT record is not created automatically by the webhook?

According to the cert-manager documentation:

> The acme stanza defines the configuration for our ACME challenges. Here we have defined the configuration for our DNS challenges which will be used to verify domain ownership. For each domain mentioned in a dns01 stanza, cert-manager will use the provider's credentials from the referenced Issuer to create a TXT record called _acme-challenge. This record will then be verified by the ACME server in order to issue the certificate. Once domain ownership has been verified, any cert-manager affected records will be cleaned up.

@goldyfruit

goldyfruit commented Nov 28, 2024

If I create the _acme-challenge.app.nvdemo-XXX-XXX TXT record manually with the key from the cert-manager challenge then the certificate is created.

@bittermandel
Contributor

Can you send the full log of the webhook please? Or if you can make it reproducible. We changed minor details when we forked to allow CName follows, so it's likely that's causing issues.

@bittermandel
Contributor

To clarify the rootDomain functionality:
If you are not doing ACME challenges for a domain which you don't own, you can remove that field and rely on the domain from the ingress.
How it works is that for example, if I set rootDomain to molnett.net, and the ingress domain is test.mltt.io, you get an acme record domain at test_mltt_io.verify.molnett.net.
See https://github.com/molnett/cert-manager-webhook-gandi/blob/main/main.go#L107

If you want to always use the same domain, do not set rootDomain and you would get a record for only the ingress' domain.

@goldyfruit

goldyfruit commented Nov 29, 2024

> Can you send the full log of the webhook please? Or if you can make it reproducible. We changed minor details when we forked to allow CName follows, so it's likely that's causing issues.

Steps to reproduce with app.test1.domain.com:

  • Create a new A record in Gandi; app.test1
  • Create an ingress for app.test1.domain.com which requests a Let's Encrypt certificate based on the ClusterIssuer from above
  • Check the Gandi console to see new records (only the .verify is created)
  • cert-manager-controller waits for app.test1.domain.com to be propagated but it never happens as _acme-challenge.app.test1 TXT record is never created in Gandi

@bittermandel
Contributor

> > Can you send the full log of the webhook please? Or if you can make it reproducible. We changed minor details when we forked to allow CName follows, so it's likely that's causing issues.
>
> Steps to reproduce with app.test1.domain.com:
>
>   • Create a new A record in Gandi; app.test1
>   • Create an ingress for app.test1.domain.com which requests a Let's Encrypt certificate based on the ClusterIssuer from above
>   • Check the Gandi console to see new records (only the .verify is created)
>   • cert-manager-controller waits for app.test1.domain.com to be propagated but it never happens as _acme-challenge.app.test1 TXT record is never created in Gandi

Thanks!
If you see my comment above, the rootDomain flow will not create the _acme-challenge domain as intended. That flow allows you to put the _acme-challenge domain on another domain, allowing externals to set up domains with cert manager.
Please remove the rootDomain field and see if you progress.

@goldyfruit

goldyfruit commented Nov 29, 2024

I tried without rootDomain and cnameStrategy, here are the logs.

cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:41:52.356580       1 httplog.go:132] "HTTP" verb="GET" URI="/apis" latency="833.287µs" userAgent="" audit-ID="c45282eb-1b5f-491b-8aff-7229f86103a6" srcIP="10.233.85.128:11295" resp=304
cert-manager-5848984665-xnjjx cert-manager-controller I1129 14:41:52.910230       1 trigger_controller.go:223] "Certificate must be re-issued" logger="cert-manager.controller" key="demo/apptest1-smartgic-io-tls" reason="DoesNotExist" message="Issuing certificate as Secret does not exist"
cert-manager-5848984665-xnjjx cert-manager-controller I1129 14:41:52.910309       1 conditions.go:203] Setting lastTransitionTime for Certificate "apptest1-smartgic-io-tls" condition "Issuing" to 2024-11-29 14:41:52.910297521 +0000 UTC m=+56275.536155929
cert-manager-5848984665-xnjjx cert-manager-controller I1129 14:41:52.911416       1 conditions.go:203] Setting lastTransitionTime for Certificate "apptest1-smartgic-io-tls" condition "Ready" to 2024-11-29 14:41:52.911405711 +0000 UTC m=+56275.537264140
cert-manager-5848984665-xnjjx cert-manager-controller I1129 14:41:52.972193       1 controller.go:152] "re-queuing item due to optimistic locking on resource" logger="cert-manager.controller" error="Operation cannot be fulfilled on certificates.cert-manager.io \"apptest1-smartgic-io-tls\": the object has been modified; please apply your changes to the latest version and try again"
cert-manager-5848984665-xnjjx cert-manager-controller I1129 14:41:52.972360       1 trigger_controller.go:223] "Certificate must be re-issued" logger="cert-manager.controller" key="demo/apptest1-smartgic-io-tls" reason="DoesNotExist" message="Issuing certificate as Secret does not exist"
cert-manager-5848984665-xnjjx cert-manager-controller I1129 14:41:52.972850       1 conditions.go:203] Setting lastTransitionTime for Certificate "apptest1-smartgic-io-tls" condition "Issuing" to 2024-11-29 14:41:52.97283794 +0000 UTC m=+56275.598696366
cert-manager-5848984665-xnjjx cert-manager-controller I1129 14:41:54.976238       1 conditions.go:263] Setting lastTransitionTime for CertificateRequest "apptest1-smartgic-io-tls-1" condition "Approved" to 2024-11-29 14:41:54.976216149 +0000 UTC m=+56277.602074559
cert-manager-5848984665-xnjjx cert-manager-controller I1129 14:41:55.021571       1 conditions.go:263] Setting lastTransitionTime for CertificateRequest "apptest1-smartgic-io-tls-1" condition "Ready" to 2024-11-29 14:41:55.021543525 +0000 UTC m=+56277.647401926
cert-manager-5848984665-xnjjx cert-manager-controller I1129 14:41:55.048283       1 conditions.go:263] Setting lastTransitionTime for CertificateRequest "apptest1-smartgic-io-tls-1" condition "Ready" to 2024-11-29 14:41:55.048262451 +0000 UTC m=+56277.674120845
cert-manager-5848984665-xnjjx cert-manager-controller I1129 14:41:55.069857       1 controller.go:152] "re-queuing item due to optimistic locking on resource" logger="cert-manager.controller" error="Operation cannot be fulfilled on certificaterequests.cert-manager.io \"apptest1-smartgic-io-tls-1\": the object has been modified; please apply your changes to the latest version and try again"
cert-manager-5848984665-xnjjx cert-manager-controller W1129 14:41:56.206209       1 warnings.go:70] metadata.finalizers: "finalizer.acme.cert-manager.io": prefer a domain-qualified finalizer name to avoid accidental conflicts with other finalizer writers
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:41:56.209652       1 handler.go:133] challenge-server: GET "/apis" satisfied by gorestful with webservice /apis
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:41:56.209800       1 httplog.go:132] "HTTP" verb="GET" URI="/apis" latency="1.031177ms" userAgent="" audit-ID="0be62c24-1ea4-4981-8694-a570c097d722" srcIP="10.233.85.128:11295" resp=304
cert-manager-5848984665-xnjjx cert-manager-controller I1129 14:41:56.503152       1 dns.go:90] "presenting DNS01 challenge for domain" logger="cert-manager.controller.Present" resource_name="apptest1-smartgic-io-tls-1-2590334064-1058314615" resource_namespace="demo" resource_kind="Challenge" resource_version="v1" dnsName="app.test1.smartgic.io" type="DNS-01" resource_name="apptest1-smartgic-io-tls-1-2590334064-1058314615" resource_namespace="demo" resource_kind="Challenge" resource_version="v1" domain="app.test1.smartgic.io"
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:41:56.513668       1 round_trippers.go:553] POST https://10.233.0.1:443/apis/authorization.k8s.io/v1/subjectaccessreviews?timeout=10s 201 Created in 3 milliseconds
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:41:56.514048       1 handler.go:143] challenge-server: POST "/apis/acme.molnett.net/v1alpha1/gandi" satisfied by gorestful with webservice /apis/acme.molnett.net/v1alpha1
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:41:56.516500       1 main.go:86] call function Present: namespace=cert-manager, zone=io., fqdn=_acme-challenge.app.test1.smartgic.io.
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:41:56.516605       1 main.go:95] decoded configuration {{{gandi-credentials} api-token} }
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:41:56.516642       1 main.go:238] try to load secret `gandi-credentials` with key `api-token`
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:41:56.522033       1 round_trippers.go:553] GET https://10.233.0.1:443/api/v1/namespaces/cert-manager/secrets/gandi-credentials 200 OK in 5 milliseconds
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:41:56.522299       1 main.go:115] present for entry=_acme-challenge.app.test1.smartgic, domain=io
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi E1129 14:41:57.530204       1 main.go:132] "CreateTxtRecord failed" err="failed creating TXT record: 404, " entry="_acme-challenge.app.test1.smartgic" domain="io"
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:41:57.530618       1 trace.go:236] Trace[1658105655]: "Create" accept:application/json, */*,audit-id:afe8d535-c0a7-4672-b994-49c9e822b8d3,client:10.17.2.70,api-group:acme.molnett.net,api-version:v1alpha1,name:,subresource:,namespace:,protocol:HTTP/2.0,resource:gandi,scope:resource,url:/apis/acme.molnett.net/v1alpha1/gandi,user-agent:cert-manager-challenges/v1.16.2 (linux/amd64) cert-manager/33df0f22ab5753b942ce2deb36d7e452bc78e49d,verb:POST (29-Nov-2024 14:41:56.514) (total time: 1016ms):
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi Trace[1658105655]: ---"limitedReadBody succeeded" len:363 0ms (14:41:56.514)
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi Trace[1658105655]: ---"About to convert to expected version" 0ms (14:41:56.514)
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi Trace[1658105655]: ---"Conversion done" 0ms (14:41:56.514)
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi Trace[1658105655]: ---"About to store object in database" 0ms (14:41:56.514)
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi Trace[1658105655]: ---"Write to database call succeeded" len:363 1015ms (14:41:57.530)
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi Trace[1658105655]: ---"About to write a response" 0ms (14:41:57.530)
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi Trace[1658105655]: ---"Writing http response done" 0ms (14:41:57.530)
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi Trace[1658105655]: [1.016399164s] [1.016399164s] END
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:41:57.530736       1 httplog.go:132] "HTTP" verb="POST" URI="/apis/acme.molnett.net/v1alpha1/gandi" latency="1.024695401s" userAgent="cert-manager-challenges/v1.16.2 (linux/amd64) cert-manager/33df0f22ab5753b942ce2deb36d7e452bc78e49d" audit-ID="afe8d535-c0a7-4672-b994-49c9e822b8d3" srcIP="10.233.89.128:32065" resp=201
cert-manager-5848984665-xnjjx cert-manager-controller E1129 14:41:57.559180       1 controller.go:157] "re-queuing item due to error processing" err="unable to create TXT record: failed creating TXT record: 404, " logger="cert-manager.controller"
cert-manager-5848984665-xnjjx cert-manager-controller I1129 14:41:57.566633       1 dns.go:90] "presenting DNS01 challenge for domain" logger="cert-manager.controller.Present" resource_name="apptest1-smartgic-io-tls-1-2590334064-1058314615" resource_namespace="demo" resource_kind="Challenge" resource_version="v1" dnsName="app.test1.smartgic.io" type="DNS-01" resource_name="apptest1-smartgic-io-tls-1-2590334064-1058314615" resource_namespace="demo" resource_kind="Challenge" resource_version="v1" domain="app.test1.smartgic.io"
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:41:57.572715       1 handler.go:143] challenge-server: POST "/apis/acme.molnett.net/v1alpha1/gandi" satisfied by gorestful with webservice /apis/acme.molnett.net/v1alpha1
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:41:57.573024       1 main.go:86] call function Present: namespace=cert-manager, zone=io., fqdn=_acme-challenge.app.test1.smartgic.io.
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:41:57.573104       1 main.go:95] decoded configuration {{{gandi-credentials} api-token} }
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:41:57.573139       1 main.go:238] try to load secret `gandi-credentials` with key `api-token`
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:41:57.579914       1 round_trippers.go:553] GET https://10.233.0.1:443/api/v1/namespaces/cert-manager/secrets/gandi-credentials 200 OK in 6 milliseconds
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:41:57.580118       1 main.go:115] present for entry=_acme-challenge.app.test1.smartgic, domain=io
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi E1129 14:41:58.546132       1 main.go:132] "CreateTxtRecord failed" err="failed creating TXT record: 404, " entry="_acme-challenge.app.test1.smartgic" domain="io"
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:41:58.551920       1 trace.go:236] Trace[897521452]: "Create" accept:application/json, */*,audit-id:05467417-d736-4db5-b443-9179fb306ea7,client:10.17.2.70,api-group:acme.molnett.net,api-version:v1alpha1,name:,subresource:,namespace:,protocol:HTTP/2.0,resource:gandi,scope:resource,url:/apis/acme.molnett.net/v1alpha1/gandi,user-agent:cert-manager-challenges/v1.16.2 (linux/amd64) cert-manager/33df0f22ab5753b942ce2deb36d7e452bc78e49d,verb:POST (29-Nov-2024 14:41:57.572) (total time: 979ms):
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi Trace[897521452]: ---"limitedReadBody succeeded" len:363 0ms (14:41:57.572)
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi Trace[897521452]: ---"About to convert to expected version" 0ms (14:41:57.572)
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi Trace[897521452]: ---"Conversion done" 0ms (14:41:57.572)
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi Trace[897521452]: ---"About to store object in database" 0ms (14:41:57.572)
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi Trace[897521452]: ---"Write to database call succeeded" len:363 973ms (14:41:58.546)
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi Trace[897521452]: ---"About to write a response" 0ms (14:41:58.546)
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi Trace[897521452]: ---"Writing http response done" 5ms (14:41:58.551)
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi Trace[897521452]: [979.047645ms] [979.047645ms] END
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:41:58.552059       1 httplog.go:132] "HTTP" verb="POST" URI="/apis/acme.molnett.net/v1alpha1/gandi" latency="980.509668ms" userAgent="cert-manager-challenges/v1.16.2 (linux/amd64) cert-manager/33df0f22ab5753b942ce2deb36d7e452bc78e49d" audit-ID="05467417-d736-4db5-b443-9179fb306ea7" srcIP="10.233.89.128:32065" resp=201
cert-manager-5848984665-xnjjx cert-manager-controller E1129 14:41:58.556196       1 controller.go:157] "re-queuing item due to error processing" err="unable to create TXT record: failed creating TXT record: 404, " logger="cert-manager.controller"
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:41:58.881423       1 reflector.go:800] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:229: Watch close - *v1.ConfigMap total 7 items received
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:41:58.883445       1 round_trippers.go:553] GET https://10.233.0.1:443/api/v1/namespaces/kube-system/configmaps?allowWatchBookmarks=true&fieldSelector=metadata.name%3Dextension-apiserver-authentication&resourceVersion=212384347&timeout=9m11s&timeoutSeconds=551&watch=true 200 OK in 1 milliseconds
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:01.620256       1 handler.go:153] challenge-server: GET "/healthz" satisfied by nonGoRestful
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:01.620291       1 pathrecorder.go:241] challenge-server: "/healthz" satisfied by exact match
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:01.620317       1 handler.go:153] challenge-server: GET "/healthz" satisfied by nonGoRestful
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:01.620332       1 pathrecorder.go:241] challenge-server: "/healthz" satisfied by exact match
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:01.620420       1 httplog.go:132] "HTTP" verb="GET" URI="/healthz" latency="315.027µs" userAgent="kube-probe/1.29" audit-ID="8758da40-2669-415a-8412-03a6c00222a6" srcIP="10.17.2.15:42270" resp=200
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:01.620442       1 httplog.go:132] "HTTP" verb="GET" URI="/healthz" latency="341.06µs" userAgent="kube-probe/1.29" audit-ID="4191a7ee-c1e4-4c5f-973f-a5bf2cd99ff1" srcIP="10.17.2.15:42268" resp=200
cert-manager-5848984665-xnjjx cert-manager-controller I1129 14:42:02.567121       1 dns.go:90] "presenting DNS01 challenge for domain" logger="cert-manager.controller.Present" resource_name="apptest1-smartgic-io-tls-1-2590334064-1058314615" resource_namespace="demo" resource_kind="Challenge" resource_version="v1" dnsName="app.test1.smartgic.io" type="DNS-01" resource_name="apptest1-smartgic-io-tls-1-2590334064-1058314615" resource_namespace="demo" resource_kind="Challenge" resource_version="v1" domain="app.test1.smartgic.io"
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:02.571629       1 handler.go:143] challenge-server: POST "/apis/acme.molnett.net/v1alpha1/gandi" satisfied by gorestful with webservice /apis/acme.molnett.net/v1alpha1
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:02.571846       1 main.go:86] call function Present: namespace=cert-manager, zone=io., fqdn=_acme-challenge.app.test1.smartgic.io.
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:02.571887       1 main.go:95] decoded configuration {{{gandi-credentials} api-token} }
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:02.571902       1 main.go:238] try to load secret `gandi-credentials` with key `api-token`
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:02.577457       1 round_trippers.go:553] GET https://10.233.0.1:443/api/v1/namespaces/cert-manager/secrets/gandi-credentials 200 OK in 5 milliseconds
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:02.577649       1 main.go:115] present for entry=_acme-challenge.app.test1.smartgic, domain=io
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi E1129 14:42:03.518723       1 main.go:132] "CreateTxtRecord failed" err="failed creating TXT record: 404, " entry="_acme-challenge.app.test1.smartgic" domain="io"
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:03.519107       1 trace.go:236] Trace[897430246]: "Create" accept:application/json, */*,audit-id:2df58339-205f-49ee-b25d-4041ae874ebc,client:10.17.2.70,api-group:acme.molnett.net,api-version:v1alpha1,name:,subresource:,namespace:,protocol:HTTP/2.0,resource:gandi,scope:resource,url:/apis/acme.molnett.net/v1alpha1/gandi,user-agent:cert-manager-challenges/v1.16.2 (linux/amd64) cert-manager/33df0f22ab5753b942ce2deb36d7e452bc78e49d,verb:POST (29-Nov-2024 14:42:02.571) (total time: 947ms):
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi Trace[897430246]: ---"limitedReadBody succeeded" len:363 0ms (14:42:02.571)
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi Trace[897430246]: ---"About to convert to expected version" 0ms (14:42:02.571)
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi Trace[897430246]: ---"Conversion done" 0ms (14:42:02.571)
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi Trace[897430246]: ---"About to store object in database" 0ms (14:42:02.571)
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi Trace[897430246]: ---"Write to database call succeeded" len:363 946ms (14:42:03.518)
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi Trace[897430246]: ---"About to write a response" 0ms (14:42:03.518)
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi Trace[897430246]: ---"Writing http response done" 0ms (14:42:03.519)
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi Trace[897430246]: [947.338166ms] [947.338166ms] END
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:03.519251       1 httplog.go:132] "HTTP" verb="POST" URI="/apis/acme.molnett.net/v1alpha1/gandi" latency="948.364454ms" userAgent="cert-manager-challenges/v1.16.2 (linux/amd64) cert-manager/33df0f22ab5753b942ce2deb36d7e452bc78e49d" audit-ID="2df58339-205f-49ee-b25d-4041ae874ebc" srcIP="10.233.89.128:32065" resp=201
cert-manager-5848984665-xnjjx cert-manager-controller E1129 14:42:03.522710       1 controller.go:157] "re-queuing item due to error processing" err="unable to create TXT record: failed creating TXT record: 404, " logger="cert-manager.controller"
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:04.192187       1 handler.go:143] challenge-server: GET "/apis/acme.molnett.net/v1alpha1" satisfied by gorestful with webservice /apis/acme.molnett.net/v1alpha1
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:04.192412       1 httplog.go:132] "HTTP" verb="GET" URI="/apis/acme.molnett.net/v1alpha1" latency="1.8618ms" userAgent="Go-http-client/2.0" audit-ID="ba4c2b79-d85f-488c-ae5f-ca8003715039" srcIP="10.233.89.128:52779" resp=200
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:04.194489       1 handler.go:143] challenge-server: GET "/apis/acme.molnett.net/v1alpha1" satisfied by gorestful with webservice /apis/acme.molnett.net/v1alpha1
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:04.194711       1 httplog.go:132] "HTTP" verb="GET" URI="/apis/acme.molnett.net/v1alpha1" latency="1.661072ms" userAgent="Go-http-client/2.0" audit-ID="09cf645b-88df-44b3-b010-4f1019e66351" srcIP="10.233.89.128:52779" resp=200
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:04.196599       1 handler.go:143] challenge-server: GET "/apis/acme.molnett.net/v1alpha1" satisfied by gorestful with webservice /apis/acme.molnett.net/v1alpha1
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:04.196751       1 handler.go:143] challenge-server: GET "/apis/acme.molnett.net/v1alpha1" satisfied by gorestful with webservice /apis/acme.molnett.net/v1alpha1
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:04.196829       1 httplog.go:132] "HTTP" verb="GET" URI="/apis/acme.molnett.net/v1alpha1" latency="1.106699ms" userAgent="Go-http-client/2.0" audit-ID="4ce21f10-ce81-47a0-89c2-a832b6d00d16" srcIP="10.233.89.128:52779" resp=200
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:04.196926       1 httplog.go:132] "HTTP" verb="GET" URI="/apis/acme.molnett.net/v1alpha1" latency="1.203503ms" userAgent="Go-http-client/2.0" audit-ID="d4680c9b-63d5-498c-92c3-5e81c62a3964" srcIP="10.233.89.128:52779" resp=200
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:04.197738       1 handler.go:143] challenge-server: GET "/apis/acme.molnett.net/v1alpha1" satisfied by gorestful with webservice /apis/acme.molnett.net/v1alpha1
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:04.197882       1 httplog.go:132] "HTTP" verb="GET" URI="/apis/acme.molnett.net/v1alpha1" latency="829.62µs" userAgent="Go-http-client/2.0" audit-ID="727bbbe3-fdf8-4707-a48f-ac3bd4dadebf" srcIP="10.233.89.128:52779" resp=200
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:07.075605       1 handler.go:143] challenge-server: GET "/apis/acme.molnett.net/v1alpha1" satisfied by gorestful with webservice /apis/acme.molnett.net/v1alpha1
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:07.075799       1 httplog.go:132] "HTTP" verb="GET" URI="/apis/acme.molnett.net/v1alpha1" latency="847.381µs" userAgent="Go-http-client/2.0" audit-ID="3b712d97-5fce-4e94-8cbb-81b784b5a050" srcIP="10.233.94.128:11480" resp=200
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:07.076354       1 handler.go:143] challenge-server: GET "/apis/acme.molnett.net/v1alpha1" satisfied by gorestful with webservice /apis/acme.molnett.net/v1alpha1
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:07.076559       1 httplog.go:132] "HTTP" verb="GET" URI="/apis/acme.molnett.net/v1alpha1" latency="884.912µs" userAgent="Go-http-client/2.0" audit-ID="9a2ffdc1-d908-484a-b60b-84acca77515b" srcIP="10.233.94.128:11480" resp=200
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:07.076797       1 handler.go:143] challenge-server: GET "/apis/acme.molnett.net/v1alpha1" satisfied by gorestful with webservice /apis/acme.molnett.net/v1alpha1
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:07.076918       1 httplog.go:132] "HTTP" verb="GET" URI="/apis/acme.molnett.net/v1alpha1" latency="831.193µs" userAgent="Go-http-client/2.0" audit-ID="4529fc6e-ff04-4366-8b25-d359ebcda212" srcIP="10.233.94.128:11480" resp=200
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:07.075603       1 handler.go:143] challenge-server: GET "/apis/acme.molnett.net/v1alpha1" satisfied by gorestful with webservice /apis/acme.molnett.net/v1alpha1
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:07.077260       1 httplog.go:132] "HTTP" verb="GET" URI="/apis/acme.molnett.net/v1alpha1" latency="2.732254ms" userAgent="Go-http-client/2.0" audit-ID="a4cd40c5-0f1e-47d5-9400-f01f20b3717c" srcIP="10.233.94.128:11480" resp=200
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:07.078940       1 handler.go:143] challenge-server: GET "/apis/acme.molnett.net/v1alpha1" satisfied by gorestful with webservice /apis/acme.molnett.net/v1alpha1
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:07.079990       1 httplog.go:132] "HTTP" verb="GET" URI="/apis/acme.molnett.net/v1alpha1" latency="3.057866ms" userAgent="Go-http-client/2.0" audit-ID="225a5680-b8f6-4ee4-b948-2eaee3e19772" srcIP="10.233.94.128:11480" resp=200
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:11.620057       1 handler.go:153] challenge-server: GET "/healthz" satisfied by nonGoRestful
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:11.620096       1 pathrecorder.go:241] challenge-server: "/healthz" satisfied by exact match
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:11.620228       1 httplog.go:132] "HTTP" verb="GET" URI="/healthz" latency="304.392µs" userAgent="kube-probe/1.29" audit-ID="d350c5e4-ed9c-41c0-b96b-47b3fad49119" srcIP="10.17.2.15:58640" resp=200
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:11.621336       1 handler.go:153] challenge-server: GET "/healthz" satisfied by nonGoRestful
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:11.621354       1 pathrecorder.go:241] challenge-server: "/healthz" satisfied by exact match
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:11.621510       1 httplog.go:132] "HTTP" verb="GET" URI="/healthz" latency="293.718µs" userAgent="kube-probe/1.29" audit-ID="50d4e1b8-f1c6-42f9-b716-f27753f96b22" srcIP="10.17.2.15:58642" resp=200
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:21.625253       1 handler.go:153] challenge-server: GET "/healthz" satisfied by nonGoRestful
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:21.625285       1 pathrecorder.go:241] challenge-server: "/healthz" satisfied by exact match
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:21.625482       1 httplog.go:132] "HTTP" verb="GET" URI="/healthz" latency="436.224µs" userAgent="kube-probe/1.29" audit-ID="68e51fa4-7377-4e72-9202-b7c09c9f52cc" srcIP="10.17.2.15:47036" resp=200
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:21.626272       1 handler.go:153] challenge-server: GET "/healthz" satisfied by nonGoRestful
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:21.626298       1 pathrecorder.go:241] challenge-server: "/healthz" satisfied by exact match
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:21.626430       1 httplog.go:132] "HTTP" verb="GET" URI="/healthz" latency="266.537µs" userAgent="kube-probe/1.29" audit-ID="ec1ab96c-164f-45ae-9208-3959e8d4eba3" srcIP="10.17.2.15:47020" resp=200
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:22.350642       1 handler.go:143] challenge-server: GET "/apis/acme.molnett.net/v1alpha1" satisfied by gorestful with webservice /apis/acme.molnett.net/v1alpha1
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:22.350841       1 httplog.go:132] "HTTP" verb="GET" URI="/apis/acme.molnett.net/v1alpha1" latency="1.055501ms" userAgent="Go-http-client/2.0" audit-ID="e389dea4-75f0-4fdd-b633-578a7584f963" srcIP="10.233.85.128:51131" resp=200
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:22.350870       1 handler.go:143] challenge-server: GET "/apis/acme.molnett.net/v1alpha1" satisfied by gorestful with webservice /apis/acme.molnett.net/v1alpha1
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:22.350994       1 httplog.go:132] "HTTP" verb="GET" URI="/apis/acme.molnett.net/v1alpha1" latency="849.003µs" userAgent="Go-http-client/2.0" audit-ID="7f4b1e2f-c373-4d86-a35b-ab71aa2002db" srcIP="10.233.85.128:51131" resp=200
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:22.351231       1 handler.go:143] challenge-server: GET "/apis/acme.molnett.net/v1alpha1" satisfied by gorestful with webservice /apis/acme.molnett.net/v1alpha1
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:22.351337       1 handler.go:143] challenge-server: GET "/apis/acme.molnett.net/v1alpha1" satisfied by gorestful with webservice /apis/acme.molnett.net/v1alpha1
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:22.351436       1 httplog.go:132] "HTTP" verb="GET" URI="/apis/acme.molnett.net/v1alpha1" latency="1.482527ms" userAgent="Go-http-client/2.0" audit-ID="d48421fb-d950-4bb2-a848-b4c1601e82e7" srcIP="10.233.85.128:51131" resp=200
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:22.351794       1 httplog.go:132] "HTTP" verb="GET" URI="/apis/acme.molnett.net/v1alpha1" latency="1.145389ms" userAgent="Go-http-client/2.0" audit-ID="24def799-725c-412d-b988-8d1d5a2009e0" srcIP="10.233.85.128:51131" resp=200
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:22.351796       1 handler.go:143] challenge-server: GET "/apis/acme.molnett.net/v1alpha1" satisfied by gorestful with webservice /apis/acme.molnett.net/v1alpha1
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:22.351984       1 httplog.go:132] "HTTP" verb="GET" URI="/apis/acme.molnett.net/v1alpha1" latency="886.641µs" userAgent="Go-http-client/2.0" audit-ID="19b7e122-235f-4783-bc50-9ee15e6fedf0" srcIP="10.233.85.128:51131" resp=200
cert-manager-5848984665-xnjjx cert-manager-controller I1129 14:42:23.530124       1 dns.go:90] "presenting DNS01 challenge for domain" logger="cert-manager.controller.Present" resource_name="apptest1-smartgic-io-tls-1-2590334064-1058314615" resource_namespace="demo" resource_kind="Challenge" resource_version="v1" dnsName="app.test1.smartgic.io" type="DNS-01" resource_name="apptest1-smartgic-io-tls-1-2590334064-1058314615" resource_namespace="demo" resource_kind="Challenge" resource_version="v1" domain="app.test1.smartgic.io"
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:23.540458       1 round_trippers.go:553] POST https://10.233.0.1:443/apis/authorization.k8s.io/v1/subjectaccessreviews?timeout=10s 201 Created in 4 milliseconds
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:23.540961       1 handler.go:143] challenge-server: POST "/apis/acme.molnett.net/v1alpha1/gandi" satisfied by gorestful with webservice /apis/acme.molnett.net/v1alpha1
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:23.541194       1 main.go:86] call function Present: namespace=cert-manager, zone=io., fqdn=_acme-challenge.app.test1.smartgic.io.
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:23.541258       1 main.go:95] decoded configuration {{{gandi-credentials} api-token} }
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:23.541280       1 main.go:238] try to load secret `gandi-credentials` with key `api-token`
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:23.548105       1 round_trippers.go:553] GET https://10.233.0.1:443/api/v1/namespaces/cert-manager/secrets/gandi-credentials 200 OK in 6 milliseconds
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:23.548364       1 main.go:115] present for entry=_acme-challenge.app.test1.smartgic, domain=io
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi E1129 14:42:24.502917       1 main.go:132] "CreateTxtRecord failed" err="failed creating TXT record: 404, " entry="_acme-challenge.app.test1.smartgic" domain="io"
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:24.503381       1 trace.go:236] Trace[1462995513]: "Create" accept:application/json, */*,audit-id:3eee7bb1-224f-4867-99f4-b296742ee6c4,client:10.17.2.70,api-group:acme.molnett.net,api-version:v1alpha1,name:,subresource:,namespace:,protocol:HTTP/2.0,resource:gandi,scope:resource,url:/apis/acme.molnett.net/v1alpha1/gandi,user-agent:cert-manager-challenges/v1.16.2 (linux/amd64) cert-manager/33df0f22ab5753b942ce2deb36d7e452bc78e49d,verb:POST (29-Nov-2024 14:42:23.541) (total time: 962ms):
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi Trace[1462995513]: ---"limitedReadBody succeeded" len:363 0ms (14:42:23.541)
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi Trace[1462995513]: ---"About to convert to expected version" 0ms (14:42:23.541)
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi Trace[1462995513]: ---"Conversion done" 0ms (14:42:23.541)
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi Trace[1462995513]: ---"About to store object in database" 0ms (14:42:23.541)
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi Trace[1462995513]: ---"Write to database call succeeded" len:363 961ms (14:42:24.503)
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi Trace[1462995513]: ---"About to write a response" 0ms (14:42:24.503)
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi Trace[1462995513]: ---"Writing http response done" 0ms (14:42:24.503)
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi Trace[1462995513]: [962.239051ms] [962.239051ms] END
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:24.503594       1 httplog.go:132] "HTTP" verb="POST" URI="/apis/acme.molnett.net/v1alpha1/gandi" latency="968.845591ms" userAgent="cert-manager-challenges/v1.16.2 (linux/amd64) cert-manager/33df0f22ab5753b942ce2deb36d7e452bc78e49d" audit-ID="3eee7bb1-224f-4867-99f4-b296742ee6c4" srcIP="10.233.89.128:32065" resp=201
cert-manager-5848984665-xnjjx cert-manager-controller E1129 14:42:24.506891       1 controller.go:157] "re-queuing item due to error processing" err="unable to create TXT record: failed creating TXT record: 404, " logger="cert-manager.controller"
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:31.619967       1 handler.go:153] challenge-server: GET "/healthz" satisfied by nonGoRestful
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:31.619996       1 pathrecorder.go:241] challenge-server: "/healthz" satisfied by exact match
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:31.620127       1 httplog.go:132] "HTTP" verb="GET" URI="/healthz" latency="362.223µs" userAgent="kube-probe/1.29" audit-ID="2a38a657-17ce-4aa4-a370-baab3197523d" srcIP="10.17.2.15:51750" resp=200
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:31.621216       1 handler.go:153] challenge-server: GET "/healthz" satisfied by nonGoRestful
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:31.621235       1 pathrecorder.go:241] challenge-server: "/healthz" satisfied by exact match
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:31.621317       1 httplog.go:132] "HTTP" verb="GET" URI="/healthz" latency="180.814µs" userAgent="kube-probe/1.29" audit-ID="1c31f332-48f0-48e7-b4a1-70c4515bdfa2" srcIP="10.17.2.15:51752" resp=200
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:34.193958       1 handler.go:143] challenge-server: GET "/apis/acme.molnett.net/v1alpha1" satisfied by gorestful with webservice /apis/acme.molnett.net/v1alpha1
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:34.194192       1 httplog.go:132] "HTTP" verb="GET" URI="/apis/acme.molnett.net/v1alpha1" latency="1.309661ms" userAgent="Go-http-client/2.0" audit-ID="cf66f47d-bb8d-4088-b161-2ea8705a4299" srcIP="10.233.89.128:52779" resp=200
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:34.194474       1 handler.go:143] challenge-server: GET "/apis/acme.molnett.net/v1alpha1" satisfied by gorestful with webservice /apis/acme.molnett.net/v1alpha1
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:34.194652       1 httplog.go:132] "HTTP" verb="GET" URI="/apis/acme.molnett.net/v1alpha1" latency="894.229µs" userAgent="Go-http-client/2.0" audit-ID="d9a45d8c-4ceb-459c-9569-10d9c6a65d0c" srcIP="10.233.89.128:52779" resp=200
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:34.195486       1 handler.go:143] challenge-server: GET "/apis/acme.molnett.net/v1alpha1" satisfied by gorestful with webservice /apis/acme.molnett.net/v1alpha1
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:34.195685       1 httplog.go:132] "HTTP" verb="GET" URI="/apis/acme.molnett.net/v1alpha1" latency="878.759µs" userAgent="Go-http-client/2.0" audit-ID="d94a3554-cd7c-4e22-80a6-9c39e4243487" srcIP="10.233.89.128:52779" resp=200
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:34.196565       1 handler.go:143] challenge-server: GET "/apis/acme.molnett.net/v1alpha1" satisfied by gorestful with webservice /apis/acme.molnett.net/v1alpha1
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:34.196935       1 httplog.go:132] "HTTP" verb="GET" URI="/apis/acme.molnett.net/v1alpha1" latency="1.112311ms" userAgent="Go-http-client/2.0" audit-ID="66bba0b9-c477-4ace-8f74-b84b5c384ca2" srcIP="10.233.89.128:52779" resp=200
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:34.198593       1 handler.go:143] challenge-server: GET "/apis/acme.molnett.net/v1alpha1" satisfied by gorestful with webservice /apis/acme.molnett.net/v1alpha1
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:34.198873       1 httplog.go:132] "HTTP" verb="GET" URI="/apis/acme.molnett.net/v1alpha1" latency="1.792044ms" userAgent="Go-http-client/2.0" audit-ID="c4b11580-d255-4167-bd09-442ac9420b04" srcIP="10.233.89.128:52779" resp=200
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:37.074819       1 handler.go:143] challenge-server: GET "/apis/acme.molnett.net/v1alpha1" satisfied by gorestful with webservice /apis/acme.molnett.net/v1alpha1
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:37.074852       1 handler.go:143] challenge-server: GET "/apis/acme.molnett.net/v1alpha1" satisfied by gorestful with webservice /apis/acme.molnett.net/v1alpha1
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:37.074819       1 handler.go:143] challenge-server: GET "/apis/acme.molnett.net/v1alpha1" satisfied by gorestful with webservice /apis/acme.molnett.net/v1alpha1
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:37.075059       1 httplog.go:132] "HTTP" verb="GET" URI="/apis/acme.molnett.net/v1alpha1" latency="1.00214ms" userAgent="Go-http-client/2.0" audit-ID="7cedfdd8-6a8e-4c8d-8717-6ccff6c90b01" srcIP="10.233.94.128:11480" resp=200
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:37.075129       1 httplog.go:132] "HTTP" verb="GET" URI="/apis/acme.molnett.net/v1alpha1" latency="1.247093ms" userAgent="Go-http-client/2.0" audit-ID="3248d1a1-0c21-469f-a72c-feec73585214" srcIP="10.233.94.128:11480" resp=200
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:37.075243       1 httplog.go:132] "HTTP" verb="GET" URI="/apis/acme.molnett.net/v1alpha1" latency="1.151984ms" userAgent="Go-http-client/2.0" audit-ID="fae020ab-5952-42bd-899d-e488e2016a78" srcIP="10.233.94.128:11480" resp=200
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:37.075280       1 handler.go:143] challenge-server: GET "/apis/acme.molnett.net/v1alpha1" satisfied by gorestful with webservice /apis/acme.molnett.net/v1alpha1
cert-manager-webhook-gandi-5df6d855c7-cn944 cert-manager-webhook-gandi I1129 14:42:37.075390       1 httplog.go:132] "HTTP" verb="GET" URI="/apis/acme.molnett.net/v1alpha1" latency="827.384µs" userAgent="Go-http-client/2.0" audit-ID="56824083-4fd3-4101-a321-39beed02dc71" srcIP="10.233.94.128:11480" resp=200

Here are the Kubernetes events related to the challenge.

Events:
  Type     Reason        Age                 From                     Message
  ----     ------        ----                ----                     -------
  Normal   Started       3m10s               cert-manager-challenges  Challenge scheduled for processing
  Warning  PresentError  40s (x6 over 3m9s)  cert-manager-challenges  Error presenting challenge: unable to create TXT record: failed creating TXT record: 404,
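
The Present lines in the log above show the webhook working with `zone=io.` and then asking Gandi for `domain=io`, which returns the 404. The following is an added example, not the project's code: it parses that log line, reproduces the entry/domain split, and flags a single-label zone. The function names and the single-label heuristic are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// presentRe matches the webhook's "call function Present" log line quoted above.
var presentRe = regexp.MustCompile(`call function Present: namespace=(\S+), zone=(\S+), fqdn=(\S+)`)

// ErrBareTLD flags a resolved zone with a single label (for example "io.").
// Heuristic only: it does not catch multi-label public suffixes such as "co.uk.".
var ErrBareTLD = errors.New("resolved zone is a single label, not a zone hosted in a registrar account")

// SplitFQDN derives the record name (entry) and zone name (domain) from the
// challenge FQDN and the resolved zone, the same split the log shows.
func SplitFQDN(fqdn, zone string) (entry, domain string, err error) {
	name := strings.TrimSuffix(strings.ToLower(fqdn), ".")
	domain = strings.TrimSuffix(strings.ToLower(zone), ".")
	if domain == "" {
		return "", "", errors.New("empty zone")
	}
	if name != domain && !strings.HasSuffix(name, "."+domain) {
		return "", "", fmt.Errorf("fqdn %q is not inside zone %q", fqdn, zone)
	}
	entry = strings.TrimSuffix(strings.TrimSuffix(name, domain), ".")
	if !strings.Contains(domain, ".") {
		return entry, domain, ErrBareTLD
	}
	return entry, domain, nil
}

// CheckPresentLine parses one webhook log line. ok is false when the line is
// not a Present call; err is non-nil when the zone/fqdn pair looks wrong.
func CheckPresentLine(line string) (entry, domain string, ok bool, err error) {
	m := presentRe.FindStringSubmatch(line)
	if m == nil {
		return "", "", false, nil
	}
	entry, domain, err = SplitFQDN(m[3], m[2])
	return entry, domain, true, err
}

func main() {
	lines := []string{
		// Copied from the log above.
		"I1129 14:42:23.541194       1 main.go:86] call function Present: namespace=cert-manager, zone=io., fqdn=_acme-challenge.app.test1.smartgic.io.",
		// Constructed: the same call, assuming the hosted zone is smartgic.io.
		"I1129 14:42:23.541194       1 main.go:86] call function Present: namespace=cert-manager, zone=smartgic.io., fqdn=_acme-challenge.app.test1.smartgic.io.",
		// Unrelated line from the log above; skipped by the parser.
		`I1129 14:42:21.626298       1 pathrecorder.go:241] challenge-server: "/healthz" satisfied by exact match`,
	}
	for _, l := range lines {
		entry, domain, ok, err := CheckPresentLine(l)
		if !ok {
			continue
		}
		fmt.Printf("entry=%s domain=%s err=%v\n", entry, domain, err)
	}
}
```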

@bittermandel
Contributor

That is very helpful, thank you! I will have to make a patch to fix that. You can revert to an older version if you’d like to progress before I’m able to fix it.

@goldyfruit

> That is very helpful, thank you! I will have to make a patch to fix that. You can revert to an older version if you’d like to progress before I’m able to fix it.

Thanks @bittermandel 👍

@goldyfruit

goldyfruit commented Dec 9, 2024

Just a quick addition:

image

@goldyfruit

> You can revert to an older version if you’d like to progress before I’m able to fix it.

Which commit do you recommend to use?

@goldyfruit

goldyfruit commented Jan 1, 2025

Just got an outage on a few services because of the expired certificates... I can't go back to the previous version as Gandi doesn't support API key anymore. 😱

@bittermandel
Contributor

> Just got an outage on a few services because of the expired certificates... I can't go back to the previous version as Gandi doesn't support API key anymore. 😱

I'm very sorry about that! 🙏🏻
I still have not found any time to fix this issue, so for now the only way forward is looking into providing a fix yourself or solving it through other means for now. Moving to a registrar supported by upstream (https://cert-manager.io/docs/configuration/acme/dns01/) would probably be a good idea!

@goldyfruit

> > Just got an outage on a few services because of the expired certificates... I can't go back to the previous version as Gandi doesn't support API key anymore. 😱
>
> I'm very sorry about that! 🙏🏻 I still have not found any time to fix this issue, so for now the only way forward is looking into providing a fix yourself or solving it through other means for now. Moving to a registrar supported by upstream (https://cert-manager.io/docs/configuration/acme/dns01/) would probably be a good idea!

No worries, I should have done that earlier. 👍
Migrating to Cloudflare is in progress.

@goldyfruit

Migrated, all services are back to normal.
