use alidns error

[Hello-Linux]

First my cert-manager version is v1.3.1
The log is show blew

kubectl describe certificate public-tls --namespace=harbor                      ✔  kubernetes-admin-c52a2452dbc28495f9b909786e0de661a ⎈  root@wangjun-frdora 
Name:         public-tls
Namespace:    harbor
Labels:       <none>
Annotations:  API Version:  cert-manager.io/v1
Kind:         Certificate
Metadata:
  Creation Timestamp:  2021-05-11T07:27:18Z
  Generation:          1
  Managed Fields:
    API Version:  cert-manager.io/v1alpha2
    Fields Type:  FieldsV1
    fieldsV1:
      f:metadata:
        f:annotations:
          .:
          f:kubectl.kubernetes.io/last-applied-configuration:
      f:spec:
        .:
        f:commonName:
        f:dnsNames:
        f:issuerRef:
          .:
          f:kind:
          f:name:
        f:secretName:
    Manager:      kubectl
    Operation:    Update
    Time:         2021-05-11T07:27:17Z
    API Version:  cert-manager.io/v1
    Fields Type:  FieldsV1
    fieldsV1:
      f:status:
        f:conditions:
        f:nextPrivateKeySecretName:
    Manager:         controller
    Operation:       Update
    Time:            2021-05-11T07:27:18Z
  Resource Version:  1153723585
  Self Link:         /apis/cert-manager.io/v1/namespaces/harbor/certificates/public-tls
  UID:               4421c82a-4796-4c6c-9578-31eddf2756d5
Spec:
  Common Name:  baidu.com
  Dns Names:
    baidu.com
    *.baidu.com
  Issuer Ref:
    Kind:       ClusterIssuer
    Name:       letsencrypt-http01
  Secret Name:  public-server-tls
Status:
  Conditions:
    Last Transition Time:        2021-05-11T07:27:18Z
    Message:                     Issuing certificate as Secret does not exist
    Observed Generation:         1
    Reason:                      DoesNotExist
    Status:                      False
    Type:                        Ready
    Last Transition Time:        2021-05-11T07:27:18Z
    Message:                     Issuing certificate as Secret does not exist
    Observed Generation:         1
    Reason:                      DoesNotExist
    Status:                      True
    Type:                        Issuing
  Next Private Key Secret Name:  public-tls-hdk87
Events:
  Type    Reason     Age   From          Message
  ----    ------     ----  ----          -------
  Normal  Issuing    70s   cert-manager  Issuing certificate as Secret does not exist
  Normal  Generated  70s   cert-manager  Stored new private key in temporary Secret resource "public-tls-hdk87"
  Normal  Requested  70s   cert-manager  Created new CertificateRequest resource "public-tls-pfbvn"

my Certificate.yml is blew

apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
  name: public-tls
  namespace: harbor
spec:
  secretName: public-server-tls
  commonName: baidu.com
  issuerRef:
    name: letsencrypt-http01
    kind: ClusterIssuer
  dnsNames:
  - baidu.com
  - "*.baidu.com"

[NullYing]

请问你解决了吗？复现了相同的错误

---

解决了，是域名写错

[thinkerw]

@NullYing @Hello-Linux 请问是怎么解决的，也是遇到这样的问题

[NullYing]

@NullYing @Hello-Linux 请问是怎么解决的，也是遇到这样的问题

核对域名是否归属于账号下，看看是不是域名写错

[thinkerw]

@NullYing 建立了RAM子账号，同时key跟secret都base64，同时账号具备DNS的所有权限，域名检查也没写错，还是有这个错

[thinkerw]

@NullYing pod的状态都正确

[thinkerw]

@NullYing

[pragkent]

@NullYing pod的状态都正确

看起来webhook并未收到cert-manager的请求，应当和aliyun的权限及账号没有关系。
可以检查看看扩展APIService资源的情况，常见原因是对bundle.yml中的acme.yourcompany.com进行了替换但未替换完全。

[jingyichushi]

参考https://blog.csdn.net/weixin_47003048/article/details/123947855，千万别忘记通过RAM设置AliyunDNSFullAcess这一角色权限