Cert-Manager error obtaining a certificate via the Cloudflare dns01 challenge

I am trying to create a wildcard certificate for my domain through cert-manager.

---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: ipa
spec:
  # Secret names are always required.
  secretName: ipa-tls
  duration: 2160h # 90d
  renewBefore: 360h # 15d
  subject:
    organizations:
      - example
  dnsNames:
    - example.com
    - '*.example.com'
  issuerRef:
    name: letsencrypt-staging-dns
    kind: ClusterIssuer

But when I try this, the cert-manager pod shows an error:

E1023 21:59:17.992812 1 controller.go:158] cert-manager/controller/challenges "msg"="re-queuing item due to error processing" "error"="Zone com. not found in CloudFlare for domain _acme-challenge.example.com." "key"="wfs/ipa-m8tgc-3507745176-457016601"

What exactly is this error? The top-level example.com and the wildcard *.example.com both point to the same IP address.

Edit: added the issuer YAML

---
apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
  name: letsencrypt-staging-dns
spec:
  acme:
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    email: <redacted>
    privateKeySecretRef:
      name: letsencrypt-staging-dns
    solvers:
      - dns01:
          cloudflare:
            email: <redacted>
            apiTokenSecretRef:
              name: cloudflare-api-key
              key: api-token
