Cert-manager spamming services at .well-known/acme-challenge endpoint #5958
-
I am confused why cert-manager is spamming our services at the .well-known/acme-challenge endpoint. Every few seconds cert-manager is issuing a request to services on the cluster which have ingress in front of them. A sample looks like this:
As an aside I had v1.7.0 installed but upgraded to 1.11.1, I am not sure why the logs still show v1.7.0. In the logs I see the following error:
I use Let's Encrypt for my cluster-issuers, which look like the following (with the actual email redacted):
I've used kubectl describe to check all cert-manager resources and nothing seems out of the ordinary. Any help would be greatly appreciated! Kubernetes version: 1.25 |
Beta Was this translation helpful? Give feedback.
Replies: 6 comments
-
Hi, thanks for opening the issue.
It appears that there are some unsolved
You probably want to find out what |
Beta Was this translation helpful? Give feedback.
-
thanks so much for the response @irbekrm ! I am unable to find any open challenge resources in the cluster:
All Order resources have a valid status and all Certificates are in Ready: True. The fact that the log shows 1.7.0 makes me wonder whether there could still be an open challenge from before the upgrade that is no longer visible since the CRD has been upgraded. I can't think of any other reason why this would be happening. |
Beta Was this translation helpful? Give feedback.
-
Could you please add full logs (ideally with |
Beta Was this translation helpful? Give feedback.
-
Sure, here it is:
The order mentioned - sensibleweather-io-ingress-zdg7j-3355431889 - is valid, so not sure why it might have been referenced there. |
Beta Was this translation helpful? Give feedback.
-
Here is a full describe on that order referenced in the log:
|
Beta Was this translation helpful? Give feedback.
-
@irbekrm I discovered the problem! I have a backup cluster that is issuing challenges against the primary cluster. So these challenges aren't originating in the primary cluster at all. Thanks so much for your help, mystery solved. |
Beta Was this translation helpful? Give feedback.
@irbekrm I discovered the problem! I have a backup cluster that is issuing challenges against the primary cluster. So these challenges aren't originating in the primary cluster at all. Thanks so much for your help, mystery solved.