failed to sign certificate request - error parsing time #46

Closed
steliandoruzaharia opened this issue Nov 25, 2021 · 9 comments · Fixed by #47

@steliandoruzaharia

Hello.

I am getting this error while trying to sign a certificate:

default 0s Warning Failed certificate/example-com The certificate request has failed to complete and will be retried: Failed to sign certificate request: unable to sign request: parsing time "" as "2006-01-02T15:04:05Z07:00": cannot parse "" as "2006"

The originissuer and everything is in place as per installation instructions:

kubectl get originissuer.cert-manager.k8s.cloudflare.com prod-issuer -n default -o json | jq .status.conditions
[
  {
    "lastTransitionTime": "2021-11-25T13:27:32Z",
    "message": "OriginIssuer verified and ready to sign certificates",
    "reason": "Verified",
    "status": "True",
    "type": "Ready"
  }
]

The issue seems to be related to this:

cloudflare/cloudflare-go#190

My setup:

cert-manager: v1.5.4
kubernetes: v1.21.5
origin-ca-issuer: cloudflare/origin-ca-issuer:v0.6.0

@terinjokes
Contributor

This is a different bug than the linked issue. You're getting an error from the API, but this parse error is shown instead. I'll fix and make a new release.

@steliandoruzaharia
Author

Great, @terinjokes!
Much appreciated.

@xlanor

xlanor commented Dec 1, 2021

Some of our certs in our Kubernetes cluster have started failing too due to this issue.

I did some basic troubleshooting on this issue and I think that the issue here lies with the CSR being given by CertManager not being compatible with the CF API.

I rolled back my clusters with an urgent fix to v1.4.4 (temporarily) for CertManager and was able to re-issue certificates successfully.

@terinjokes terinjokes self-assigned this Dec 1, 2021
@terinjokes terinjokes added the bug Something isn't working label Dec 1, 2021
@yizhexu

yizhexu commented Dec 3, 2021

I'm facing the same issue while creating a new cluster. Using cert-manager v1.4.4 didn't work for me. Do you have a suggestion for a temporary workaround while you implement the fix?

@terinjokes
Contributor

Not yet, but I'm working on this today, so hope to have a new release out soon.

@xlanor

xlanor commented Dec 3, 2021

Thanks for the update! Do let me know if there's any information that I can provide to assist.

terinjokes added a commit that referenced this issue Dec 4, 2021
If the Cloudflare API returns an error, it is unlikely to have also sent
a valid response, resulting in failure trying to parse the expiration
time formats.

This changeset delays parsing the result field until after verifying the
error field.

Fixes #46
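
The failure mode the commit message above describes, as an added Go example that is not the project's own code: parsing the result before checking the error field turns a rejected request into a time-parsing error, while checking first surfaces the API's own message. The envelope shape, the `expires_on` field name, the RFC 3339 layout, and the sample response are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"time"
)

// Assumed envelope shape: success flag, error list, result object.
type envelope struct {
	Success bool `json:"success"`
	Errors  []struct {
		Code    int    `json:"code"`
		Message string `json:"message"`
	} `json:"errors"`
	Result struct {
		ExpiresOn string `json:"expires_on"` // assumed field name
	} `json:"result"`
}

// Constructed sample of a rejected signing request (not captured API output).
const rejected = `{"success":false,"errors":[{"code":1,"message":"constructed: request rejected"}],"result":null}`

// expiryEager parses the result without checking the error field (the reported symptom).
func expiryEager(body []byte) (time.Time, error) {
	var env envelope
	if err := json.Unmarshal(body, &env); err != nil {
		return time.Time{}, err
	}
	return time.Parse(time.RFC3339, env.Result.ExpiresOn)
}

// expiryChecked verifies the error field first, then parses the result.
func expiryChecked(body []byte) (time.Time, error) {
	var env envelope
	if err := json.Unmarshal(body, &env); err != nil {
		return time.Time{}, err
	}
	if !env.Success || len(env.Errors) > 0 {
		return time.Time{}, fmt.Errorf("API request failed: %+v", env.Errors)
	}
	return time.Parse(time.RFC3339, env.Result.ExpiresOn)
}

func main() {
	_, eager := expiryEager([]byte(rejected))
	_, checked := expiryChecked([]byte(rejected))
	fmt.Printf("eager: %v\nchecked: %v\n", eager, checked)
}
```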
@yizhexu

yizhexu commented Dec 4, 2021

I have attempted to deploy the deploy/example using a brand new kubernetes cluster (1.21.5-do.0) with cert-manager 1.6.1. I installed origin-ca-issuer from this patch branch: https://github.com/cloudflare/origin-ca-issuer/tree/patches/v0.7.0

I no longer get any errors. But my cert never gets into a ready state. The cert does generate a CertificateRequest, but my CertificateRequest has no events. The OriginIssuer/prod-issuer is in a ready state and also has no events.

I did modify the example files to use my Origin CA Key and dnsNames, but nothing else was changed.

Previously, I got the above time parse error, but now no errors and no events. It's almost like cert-manager is not talking to OriginIssuer/prod-issuer at all.

@terinjokes
Contributor

terinjokes commented Dec 4, 2021

cert-manager doesn't talk to origin-ca-issuer at all. It all happens through CRDs. Check permissions and logs of the controller.

terinjokes added a commit that referenced this issue Dec 7, 2021
If the Cloudflare API returns an error, it is unlikely to have also sent
a valid response, resulting in failure trying to parse the expiration
time formats.

This changeset delays parsing the result field until after verifying the
error field.

Fixes #46
@terinjokes
Contributor

@yizhexu I can't repeat your issues locally. If you continue to have issues please open a new ticket with more details.
