0

I have a software with Helm. I'm running Letsencrypt here. But when I looked with kubectl get secret, I saw that random characters were generated at the end of the certName that I assigned in my yaml file, and it seems like the certificate is not working because of this. But if I do this setup outside of helm, it works without any problems.

  tls:
  {{- range .Values.ingress.tls }}
    - hosts:
      {{- range .hosts }}
        - {{ . | quote }}
      {{- end }}
      secretName: test-tls
  {{- end }}

kubectl get secret

test-tls-nrtx9        Opaque      3      14m
James001
  • 77
  • 8

1 Answers1

1

The random string means the cert is not yet issued. It is a temporary secret. Once cert manager was able to get the certificate, it will remove this secret and create one without the random suffix.

Check on your certificate instead. In your case, its ready field will be false, but it must be true.

kubectl get certs

I suggest checking the cert manager logs, to see why It could not issue the certificate.

The Fool
  • 16,715
  • 5
  • 52
  • 86
  • Thanks. It 's false. I collected the below log. – James001 May 20 '22 at 10:50
  • `E0520 11:36:21.601040 1 sync.go:186] cert-manager/challenges "msg"="propagation check failed" "error"="failed to perform self check GET request 'http://example.com/.well-known/acme-challenge/TygLPwrwbYZHRdEm41_PRhrXqO78ZnLV7hsYi4xHSJQ': Get \"https://example.com:443/.well-known/acme-challenge/TygLPwrwbYZHRdEm41_PRhrXqO78ZnLV7hsYi4xHSJQ\": remote error: tls: unrecognized name" "dnsName"="example.com" "resource_kind"="Challenge" "resource_name"="test-tls-jb445-1469648712-2570026397" "resource_namespace"="default" "resource_version"="v1" "type"="HTTP-01" ` – James001 May 20 '22 at 11:37
  • @James001, I dont know what that means or how to fix it. Here hand someone the same problem https://stackoverflow.com/questions/71181517/cert-manager-remote-error-tls-unrecognized-name-errors. You could also ask in the cert manager slack group. – The Fool May 21 '22 at 08:12