个人中心
文章发布
退出
作者热门文章
- html - 出于某种原因,IE8 对我的 Sass 文件中继承的 html5 CSS 不友好?
- JMeter 在响应断言中使用 span 标签的问题
- html - 在 :hover and :active? 上具有不同效果的 CSS 动画
- html - 相对于居中的 html 内容固定的 CSS 重复背景?
25
4
我正在尝试获取 Let's Encrypt 颁发的证书,已经过了 3 个半小时。
我最初不小心将我的 secretName 设置为“echo-tls”,然后再将其切换为我想要使用的正确“pandaist-tls”。
我目前有这个:
kubectl get CertificateRequest -o wide
NAME READY ISSUER STATUS AGE
pandaist-tls-1926992011 False letsencrypt-prod Waiting on certificate issuance from order default/pandaist-tls-1926992011-2163900139: "pending" 3h26m
Deployment kubectl describe CertificateRequest pandaist-tls-1926992011
Name: pandaist-tls-1926992011
Namespace: default
Labels: <none>
Annotations: cert-manager.io/certificate-name: pandaist-tls
cert-manager.io/private-key-secret-name: pandaist-tls
API Version: cert-manager.io/v1alpha2
Kind: CertificateRequest
Metadata:
Creation Timestamp: 2020-04-07T15:41:13Z
Generation: 1
Owner References:
API Version: cert-manager.io/v1alpha2
Block Owner Deletion: true
Controller: true
Kind: Certificate
Name: pandaist-tls
UID: 25c3ff31-447f-4abf-a23e-ec48f5a591a9
Resource Version: 500795
Self Link: /apis/cert-manager.io/v1alpha2/namespaces/default/certificaterequests/pandaist-tls-1926992011
UID: 8295836d-fb99-4ebf-8803-a344d6edb574
Spec:
Csr: ABUNCHOFVALUESTHATIWILLNOTDESCRIBE
Issuer Ref:
Group: cert-manager.io
Kind: ClusterIssuer
Name: letsencrypt-prod
Status:
Conditions:
Last Transition Time: 2020-04-07T15:41:13Z
Message: Waiting on certificate issuance from order default/pandaist-tls-1926992011-2163900139: "pending"
Reason: Pending
Status: False
Type: Ready
Events: <none>
I0407 19:01:35.499469 1 service.go:43] cert-manager/controller/challenges/http01/selfCheck/http01/ensureService "level"=0 "msg"="found one existing HTTP01 solver Service for challenge resource" "dnsName"="pandaist.com" "related_resource_kind"="Service" "related_resource_name"="cm-acme-http-solver-2fp58" "related_resource_namespace"="default" "resource_kind"="Challenge" "resource_name"="pandaist-tls-1926992011-2163900139-2157075729" "resource_namespace"="default" "type"="http-01"
I0407 19:01:35.499513 1 service.go:43] cert-manager/controller/challenges/http01/selfCheck/http01/ensureService "level"=0 "msg"="found one existing HTTP01 solver Service for challenge resource" "dnsName"="auth.pandaist.com" "related_resource_kind"="Service" "related_resource_name"="cm-acme-http-solver-xhjsr" "related_resource_namespace"="default" "resource_kind"="Challenge" "resource_name"="pandaist-tls-1926992011-2163900139-832917849" "resource_namespace"="default" "type"="http-01"
I0407 19:01:35.499534 1 ingress.go:91] cert-manager/controller/challenges/http01/selfCheck/http01/ensureIngress "level"=0 "msg"="found one existing HTTP01 solver ingress" "dnsName"="pandaist.com" "related_resource_kind"="Ingress" "related_resource_name"="cm-acme-http-solver-pd9fh" "related_resource_namespace"="default" "resource_kind"="Challenge" "resource_name"="pandaist-tls-1926992011-2163900139-2157075729" "resource_namespace"="default" "type"="http-01"
I0407 19:01:35.499578 1 ingress.go:91] cert-manager/controller/challenges/http01/selfCheck/http01/ensureIngress "level"=0 "msg"="found one existing HTTP01 solver ingress" "dnsName"="auth.pandaist.com" "related_resource_kind"="Ingress" "related_resource_name"="cm-acme-http-solver-b6zr2" "related_resource_namespace"="default" "resource_kind"="Challenge" "resource_name"="pandaist-tls-1926992011-2163900139-832917849" "resource_namespace"="default" "type"="http-01"
E0407 19:03:46.571074 1 sync.go:184] cert-manager/controller/challenges "msg"="propagation check failed" "error"="failed to perform self check GET request 'http://pandaist.com/.well-known/acme-challenge/6Wduj2Ejr59OZ9SFy_Rw4jnozE50xspK-a5OIvCwYsc': Get http://pandaist.com/.well-known/acme-challenge/6Wduj2Ejr59OZ9SFy_Rw4jnozE50xspK-a5OIvCwYsc: dial tcp 178.128.132.218:80: connect: connection timed out" "dnsName"="pandaist.com" "resource_kind"="Challenge" "resource_name"="pandaist-tls-1926992011-2163900139-2157075729" "resource_namespace"="default" "type"="http-01"
E0407 19:03:46.571109 1 sync.go:184] cert-manager/controller/challenges "msg"="propagation check failed" "error"="failed to perform self check GET request 'http://auth.pandaist.com/.well-known/acme-challenge/gO91--fK0SGG15aS3ALOHXXYtCSly2Q9pbVO8OJW2aE': Get http://auth.pandaist.com/.well-known/acme-challenge/gO91--fK0SGG15aS3ALOHXXYtCSly2Q9pbVO8OJW2aE: dial tcp 178.128.132.218:80: connect: connection timed out" "dnsName"="auth.pandaist.com" "resource_kind"="Challenge" "resource_name"="pandaist-tls-1926992011-2163900139-832917849" "resource_namespace"="default" "type"="http-01"
I0407 19:03:46.571382 1 controller.go:135] cert-manager/controller/challenges "level"=0 "msg"="finished processing work item" "key"="default/pandaist-tls-1926992011-2163900139-832917849"
I0407 19:03:46.571528 1 controller.go:129] cert-manager/controller/challenges "level"=0 "msg"="syncing item" "key"="default/pandaist-tls-1926992011-2163900139-832917849"
I0407 19:03:46.571193 1 controller.go:135] cert-manager/controller/challenges "level"=0 "msg"="finished processing work item" "key"="default/pandaist-tls-1926992011-2163900139-2157075729"
I0407 19:03:46.572009 1 controller.go:129] cert-manager/controller/challenges "level"=0 "msg"="syncing item" "key"="default/pandaist-tls-1926992011-2163900139-2157075729"
I0407 19:03:46.572338 1 pod.go:58] cert-manager/controller/challenges/http01/selfCheck/http01/ensurePod "level"=0 "msg"="found one existing HTTP01 solver pod" "dnsName"="auth.pandaist.com" "related_resource_kind"="Pod" "related_resource_name"="cm-acme-http-solver-scqtx" "related_resource_namespace"="default" "resource_kind"="Challenge" "resource_name"="pandaist-tls-1926992011-2163900139-832917849" "resource_namespace"="default" "type"="http-01"
I0407 19:03:46.572600 1 service.go:43] cert-manager/controller/challenges/http01/selfCheck/http01/ensureService "level"=0 "msg"="found one existing HTTP01 solver Service for challenge resource" "dnsName"="auth.pandaist.com" "related_resource_kind"="Service" "related_resource_name"="cm-acme-http-solver-xhjsr" "related_resource_namespace"="default" "resource_kind"="Challenge" "resource_name"="pandaist-tls-1926992011-2163900139-832917849" "resource_namespace"="default" "type"="http-01"
I0407 19:03:46.572860 1 ingress.go:91] cert-manager/controller/challenges/http01/selfCheck/http01/ensureIngress "level"=0 "msg"="found one existing HTTP01 solver ingress" "dnsName"="auth.pandaist.com" "related_resource_kind"="Ingress" "related_resource_name"="cm-acme-http-solver-b6zr2" "related_resource_namespace"="default" "resource_kind"="Challenge" "resource_name"="pandaist-tls-1926992011-2163900139-832917849" "resource_namespace"="default" "type"="http-01"
I0407 19:03:46.573128 1 pod.go:58] cert-manager/controller/challenges/http01/selfCheck/http01/ensurePod "level"=0 "msg"="found one existing HTTP01 solver pod" "dnsName"="pandaist.com" "related_resource_kind"="Pod" "related_resource_name"="cm-acme-http-solver-jn65v" "related_resource_namespace"="default" "resource_kind"="Challenge" "resource_name"="pandaist-tls-1926992011-2163900139-2157075729" "resource_namespace"="default" "type"="http-01"
I0407 19:03:46.573433 1 service.go:43] cert-manager/controller/challenges/http01/selfCheck/http01/ensureService "level"=0 "msg"="found one existing HTTP01 solver Service for challenge resource" "dnsName"="pandaist.com" "related_resource_kind"="Service" "related_resource_name"="cm-acme-http-solver-2fp58" "related_resource_namespace"="default" "resource_kind"="Challenge" "resource_name"="pandaist-tls-1926992011-2163900139-2157075729" "resource_namespace"="default" "type"="http-01"
I0407 19:03:46.573749 1 ingress.go:91] cert-manager/controller/challenges/http01/selfCheck/http01/ensureIngress "level"=0 "msg"="found one existing HTTP01 solver ingress" "dnsName"="pandaist.com" "related_resource_kind"="Ingress" "related_resource_name"="cm-acme-http-solver-pd9fh" "related_resource_namespace"="default" "resource_kind"="Challenge" "resource_name"="pandaist-tls-1926992011-2163900139-2157075729" "resource_namespace"="default" "type"="http-01"
I0407 15:34:37.115159 1 controller.go:242] cert-manager/controller-runtime/controller "level"=1 "msg"="Successfully Reconciled" "controller"="validatingwebhookconfiguration" "request"={"Namespace":"","Name":"cert-manager-webhook"}
I0407 15:34:37.118246 1 controller.go:170] cert-manager/inject-controller "level"=1 "msg"="updated object" "resource_kind"="ValidatingWebhookConfiguration" "resource_name"="cert-manager-webhook" "resource_namespace"=""
I0407 15:34:37.118520 1 controller.go:242] cert-manager/controller-runtime/controller "level"=1 "msg"="Successfully Reconciled" "controller"="validatingwebhookconfiguration" "request"={"Namespace":"","Name":"cert-manager-webhook"}
I0407 15:34:37.119415 1 sources.go:176] cert-manager/inject-controller "level"=0 "msg"="Extracting CA from Secret resource" "resource_kind"="ValidatingWebhookConfiguration" "resource_name"="cert-manager-webhook" "resource_namespace"="" "secret"="cert-manager/cert-manager-webhook-tls"
I0407 15:34:37.120959 1 controller.go:170] cert-manager/inject-controller "level"=1 "msg"="updated object" "resource_kind"="MutatingWebhookConfiguration" "resource_name"="cert-manager-webhook" "resource_namespace"=""
I0407 15:34:37.121399 1 controller.go:242] cert-manager/controller-runtime/controller "level"=1 "msg"="Successfully Reconciled" "controller"="mutatingwebhookconfiguration" "request"={"Namespace":"","Name":"cert-manager-webhook"}
I0407 15:34:37.124545 1 controller.go:170] cert-manager/inject-controller "level"=1 "msg"="updated object" "resource_kind"="ValidatingWebhookConfiguration" "resource_name"="cert-manager-webhook" "resource_namespace"=""
I0407 15:34:37.125160 1 controller.go:242] cert-manager/controller-runtime/controller "level"=1 "msg"="Successfully Reconciled" "controller"="validatingwebhookconfiguration" "request"={"Namespace":"","Name":"cert-manager-webhook"}
E0407 16:19:36.762436 1 indexers.go:93] cert-manager/secret-for-certificate-mapper "msg"="unable to fetch certificate that owns the secret" "error"="Certificate.cert-manager.io \"echo-tls\" not found" "certificate"={"Namespace":"default","Name":"echo-tls"} "secret"={"Namespace":"default","Name":"echo-tls"}
E0407 16:19:36.762573 1 indexers.go:93] cert-manager/secret-for-certificate-mapper "msg"="unable to fetch certificate that owns the secret" "error"="Certificate.cert-manager.io \"echo-tls\" not found" "certificate"={"Namespace":"default","Name":"echo-tls"} "secret"={"Namespace":"default","Name":"echo-tls"}
E0407 16:19:36.762753 1 indexers.go:93] cert-manager/secret-for-certificate-mapper "msg"="unable to fetch certificate that owns the secret" "error"="Certificate.cert-manager.io \"echo-tls\" not found" "certificate"={"Namespace":"default","Name":"echo-tls"} "secret"={"Namespace":"default","Name":"echo-tls"}
E0407 16:19:36.762766 1 indexers.go:93] cert-manager/secret-for-certificate-mapper "msg"="unable to fetch certificate that owns the secret" "error"="Certificate.cert-manager.io \"echo-tls\" not found" "certificate"={"Namespace":"default","Name":"echo-tls"} "secret"={"Namespace":"default","Name":"echo-tls"}
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: pandaist-ingress
annotations:
kubernetes.io/ingress.class: "nginx"
cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
tls:
- hosts:
- pandaist.com
- auth.pandaist.com
secretName: pandaist-tls
rules:
- host: pandaist.com
http:
paths:
- backend:
serviceName: pandaist-main
servicePort: 80
- host: auth.pandaist.com
http:
paths:
- backend:
serviceName: pandaist-keycloak
servicePort: 80
最佳答案
由于负载均衡器在 Digital Ocean 上的工作方式存在错误:
https://www.digitalocean.com/community/questions/how-do-i-correct-a-connection-timed-out-error-during-http-01-challenge-propagation-with-cert-manager
这将解决问题:
kind: Service
apiVersion: v1
metadata:
name: ingress-nginx
annotations:
# See https://github.com/digitalocean/digitalocean-cloud-controller-manager/blob/master/docs/controllers/services/examples/README.md#accessing-pods-over-a-managed-load-balancer-from-inside-the-cluster
service.beta.kubernetes.io/do-loadbalancer-hostname: "kube.mydomain.com"
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
spec:
externalTrafficPolicy: Local
type: LoadBalancer
selector:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/part-of: ingress-nginx
ports:
- name: http
port: 80
targetPort: http
- name: https
port: 443
targetPort: https
关于ssl - Let's Encrypt 证书颁发,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/61087737/
25
4
0
关闭。这个问题需要多问focused 。目前不接受答案。 想要改进此问题吗?更新问题,使其仅关注一个问题 editing this post . 已关闭 8 年前。 Improve this ques
我heard “PKCS#1 v2.0 加密通常称为 OAEP 加密”。 在我的项目中使用它之前,我需要某种“官方”文档来说明这一点。我试图找到它但没有成功。知道在哪里可以找到吗? 谢谢! (顺便说一
已锁定。这个问题及其答案是locked因为这个问题是题外话,但却具有历史意义。目前不接受新的答案或互动。 来自:加密公司 收件人:x$*sj4(就是你) 如果您选择接受的话,您的任务是用最短的击键次数
我正在使用带有 docker/docker compose 和 traefik 的 ubuntu 18.04.1 LTS。使用暂存 Let's Encrypt caserver ( https://a
我目前正在完成一篇关于通过各种密码算法加密数据的论文。 我花了很多时间阅读期刊和论文,但还没有找到任何关于它们的性能复杂性的记录。 有人知道以下算法的 Big-O 复杂度吗? RSA DES 三重 D
我正在为嵌入式系统(微 Controller )编写固件。固件可以通过引导加载程序(也是我编写的)进行更新。 现在需要采取措施防止固件被操纵,因此系统必须仅执行具有某种有效签名的下载固件。 固件文件已
我试图了解加密(“受密码保护”)Office 2007 文档(特别是 Excel 文档)的捆绑方式。我正在试验一个已知的、受密码保护的电子表格。 当我解压 XLSX 文件时,我遇到了三个条目: [6]
K8s对encrypt secret data具有此功能,这需要修改kube-apiserver配置,我如何在GKE中做到这一点? 最佳答案 简短的答案是,你不能。 Kubernetes Engine
我正在使用 ENCRYPT() 函数在 mysql 中存储一个字符串。我想获取匹配该字符串的行,但新的 ENCRYPT() 调用给了我一个不同的值,因此它们永远不会匹配。 这是预期的,因为我没有(也不
在带有 Python 2.7 和 GPG4Win v2.2.0 的 Windows 7 上使用 python-gnupg v0.3.5 test_gnupg.py 导致 2 次失败: Test tha
我尝试兼容 C# 和 Java 的加密/解密。 据我所知,默认模式在 Java 中是“ecb/pkcs5”,在 C# 中是“cbc/pkcs7”。 所以我匹配这些东西。 第一个问题是 PKCS7 和
我使用 SwiftyRSA 使用带有 PKCS1 填充的公钥加密字符串。不幸的是,当我用 Java 解密我的加密字符串时,我发现了 BadPadding: Encryption Error。到目前
比特币是一种匿名的加密数字货币。几个月前我有了加密文件的想法,其中需要比特币的支出证明才能解密文件。当比特币被发送到给定地址时,它会显示在分布在对等网络中的块文件中。区块链的完整性是通过需要大量计算机
我有一个类,我试图用依赖注入(inject)替换 Crypt::encrypt 的外观用法: encrypter= $encrypter; }
我想使用带有 RSA 算法的 OpenSSL 使用私钥加密文件: openssl rsautl -in txt.txt -out txt2.txt -inkey private.pem -encryp
我在 TCL 中使用 DES 来加密一些短语,我想将这些加密的短语存储在一些我需要轻松操作的 ascii 文件中。因此,我希望“加密短语”仅由标准 ascii 字符构成(最好没有空格)。 我正在使用类
我在 TCL 中使用 DES 来加密一些短语,我想将这些加密的短语存储在一些我需要轻松操作的 ascii 文件中。因此,我希望“加密短语”仅由标准 ascii 字符构成(最好没有空格)。 我正在使用类
我对Android平台不同的数据存储加密机制有点困惑。据我了解: 全盘加密影响整个/data 磁盘并且只能是由用户激活/停用。 ( https://source.android.com/securit
我正在使用 Lumberjack 作为日志记录平台(Objective C/Swift)有没有办法将日志加密写入文件? 如果是,那么任何例子都是有用的 另外,之后如何读取加密后的日志 密集型日志记录是
我确定这是一个典型的场景,但我找不到合适的步骤顺序。 我有一个运行 Apache 的 www.example.com 服务器(比如)1.1.1.1。我正在使用 Caddy 在 2.2.2.2 上构建一
我是一名优秀的程序员,十分优秀!