alicloud: error getting hosted zones: alicloud: error describing domains

[wangchao732]

[rifandyzv]

This also happened to me, why it trying to find the TLD on my DNS?

cc @olivierboudet @artemlive @AtarisMio

[olivierboudet]

Hello,
Can you share your issuer configuration ?

[rifandyzv]

@olivierboudet
I'm using Cluster issuer with DNS01, because I need to generate a wildcard cert

[olivierboudet]

Thanks, and what is your Certificate configuration ?

[rifandyzv]

Thanks, and what is your Certificate configuration ?

@olivierboudet
Can't put the certificate configuration and the dns name here. but it's basic certificate configuration with issuerref to the issuer above. I'm requestion for wildcard on my subdomain, this is a domain example that I put in the commanName and dnsNames: *.sub.domain.example.com

I don't understand why the challenge is requesting for the TLD? I also experienced before that the challenge was requesting only for the root domain.

I'm using multi-zone DNS setup here, so I put separate zone for my subdomains on different account

I've checked the code, I feel suspicious this issue caused by the unfqdn and fqdn functions. please help to check

[olivierboudet]

I think it could be related to multi-zone DNS setup but I am not using this kind of setup. Perhaps this part of the cert-manager documentation could help you : https://cert-manager.io/docs/configuration/acme/dns01/#delegated-domains-for-dns01

[rifandyzv]

@olivierboudet I think it is unrelated to that, because as you see in my first screenshot the challenge was trying to issue cert for "com." domain, which I think that is a DNS/string parsing issue

after further checking, it appeared the issue was related to that cert-manager mechanism

[olivierboudet]

Not sure if it can help but did you try parameters documented here : https://cert-manager.io/docs/configuration/acme/dns01/#setting-nameservers-for-dns01-self-check (dns01-recursive-nameservers and dns01-recursive-nameservers-only)