Cert manager Rancher timeout

sylflo · August 18, 2018, 4:54pm

I am trying to use ssl with Rancher2.

I found this thread and tried to follow this tutorial https://www.youtube.com/watch?v=xc8Jg9ItDVk
I am completely struggling to just make a ClusterIssuer.

My clusterIssuer is the following one:

apiVersion: certmanager.k8s.io/v1alpha1
kind: ClusterIssuer
metadata:
  name: letsencrypt-cluster-staging
spec:
  acme:
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    email: fakeemail@gmail.com
    privateKeySecretRef:
      name: letsencrypt-cluster-staging
    http01: {}

Now when I do a describe I have the following error

Events:
  Type     Reason                Age                 From          Message
  ----     ------                ----                ----          -------
  Warning  ErrInitIssuer         16m (x12 over 18m)  cert-manager  Error initializing issuer: Get https://acme-staging-v02.api.letsencrypt.org/directory: dial tcp: i/o timeout
  Warning  ErrVerifyACMEAccount  6m (x16 over 18m)   cert-manager  Failed to verify ACME account: Get https://acme-staging-v02.api.letsencrypt.org/directory: dial tcp: i/o timeout
  Warning  ErrVerifyACMEAccount  3m                  cert-manager  Failed to verify ACME account: Get https://acme-staging-v02.api.letsencrypt.org/directory: dial tcp: lookup acme-staging-v02.api.letsencrypt.org on 10.43.0.10:53: dial udp 10.43.0.10:53: i/o timeout
  Warning  ErrInitIssuer         3m                  cert-manager  Error initializing issuer: Get https://acme-staging-v02.api.letsencrypt.org/directory: dial tcp: lookup acme-staging-v02.api.letsencrypt.org on 10.43.0.10:53: dial udp 10.43.0.10:53: i/o timeout
  Warning  ErrVerifyACMEAccount  30s (x2 over 17m)   cert-manager  Failed to verify ACME account: Get https://acme-staging-v02.api.letsencrypt.org/directory: dial tcp: i/o timeout
  Warning  ErrInitIssuer         30s (x2 over 17m)   cert-manager  Error initializing issuer: Get https://acme-staging-v02.api.letsencrypt.org/directory: dial tcp: i/o timeout

And if I try to do a wget in the cert-manager pod I have this error

wget https://acme-staging-v02.api.letsencrypt.org/directory
wget: bad address 'acme-staging-v02.api.letsencrypt.org'

It seems that the pod is not connected outside of the cluster so it can not access letsencrypt website. I dunno, I am work, I am pretty new to Rancher and Kubernetes so I am a bit struggling.
Should I use nodePort to connect outside of the cluster ? And so that the cert-manager gets access to the internet ?

Topic		Replies	Views
Cert manager - Certificate issued but not added to certificates Rancher 2.x	4	3725	February 10, 2019
Rancher HA 2.4 Cert-Manager / Lets Encrypt 404 Rancher 2.x	3	1355	May 6, 2020
Cert-manager and Rancher 2.0? Rancher 1.x	17	12477	February 12, 2019
Lets Encrypt for cluster applications how? Rancher 2.x	2	1966	December 30, 2019
Cert-manager certificate issuing with ClusterIssuer gets stuck on self-check Rancher 2.x	0	2888	July 23, 2018

Cert manager Rancher timeout

Related Topics