-
Notifications
You must be signed in to change notification settings - Fork 69
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
failed to sign certificate request - error parsing time #46
Comments
This is a different bug than the linked issue. You're getting an error from the API, but this parse error is shown instead. I'll fix and make a new release. |
Great @terinjokes ! |
Some of our certs in our Kubernetes cluster have started failing too due to this issue. I did some basic troubleshooting on this issue and I think that the issue here lies with the CSR being given by CertManager not being compatible with CF api. I rolled back my clusters with an urgent fix to v1.4.4 (temporarily) for CertManager and was able to re-issue certificates successfully. |
I'm facing the same issue while creating a new cluster. Using cert manager v1.4.4 didn't work for me. Do you have suggestion on a temporary work around while you implement the fix? |
Not yet, but I'm working on this today, so hope to have a new release out soon. |
Thanks for the update! Do let me know if there's any information that I can provide to assist |
If the Cloudflare API returns an error, it is unlikely to have also sent a valid response, resulting in failure trying to parse the expiration time formats. This changeset delays parsing the result field until after verifying the error field. Fixes #46
If the Cloudflare API returns an error, it is unlikely to have also sent a valid response, resulting in failure trying to parse the expiration time formats. This changeset delays parsing the result field until after verifying the error field. Fixes #46
I have attempted to deploy the deploy/example using a brand new kubernetes cluster (1.21.5-do.0) with cert-manager 1.6.1. I installed origin-ca-issuer from this patch branch: https://github.com/cloudflare/origin-ca-issuer/tree/patches/v0.7.0 I no longer get any errors. But my cert never gets into a ready state. the cert does generate a CertificateRequest but my CertificateRequest has no events. The OriginIssuer/prod-issuer is in a ready state and also has no events I did modify the example files to use my Origin CA Key and dnsNames, but nothing else was changed. Previously, I got the error the above time parse error, but now no errors and no events. Its almost like cert-manager is not talking to OriginIssuer/prod-issuer at all |
cert-manager doesn't talk to origin-ca-issuer at all. It all happens though CRDs. Check permissions and logs of the controller. |
If the Cloudflare API returns an error, it is unlikely to have also sent a valid response, resulting in failure trying to parse the expiration time formats. This changeset delays parsing the result field until after verifying the error field. Fixes #46
@yizhexu I can't repeat your issues locally. If you continue to have issues please open a new ticket with more details. |
Hello .
I am getting this error while trying to sign a certificate :
default 0s Warning Failed certificate/example-com The certificate request has failed to complete and will be retried: Failed to sign certificate request: unable to sign request: parsing time "" as "2006-01-02T15:04:05Z07:00": cannot parse "" as "2006"
The originissuer and everything is in place as per installation instructions :
kubectl get originissuer.cert-manager.k8s.cloudflare.com prod-issuer -n default -o json | jq .status.conditions
[
{
"lastTransitionTime": "2021-11-25T13:27:32Z",
"message": "OriginIssuer verified and ready to sign certificates",
"reason": "Verified",
"status": "True",
"type": "Ready"
}
]
The issue seems to be related to this :
cloudflare/cloudflare-go#190
My setup :
cert-manager-v1.5.4
kubernetes : v1.21.5
origin-ca-issuer : cloudflare/origin-ca-issuer:v0.6.0
The text was updated successfully, but these errors were encountered: