Kubernetes certificate with Letsencrypt

Question

I want to create a certificate with letsencrypt.

When I run the this yml

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: grafana-tls
  namespace: grafana
type: "kubernetes.io/tls"
spec:
  secretName: grafana-tls
  issuerRef:
    name: letsencrypt-prod
  dnsNames:
     - mydomain.com

with kubectl apply -f .\grafana-tls.yml --validate=false

I encountered with the following error

Referenced "Issuer" not found: issuer.cert-manager.io "letsencrypt-prod" not found

But when I executed kubectl get clusterissuer I encountered with this result

NAME READY AGE

letsencrypt-prod True 3d22h

To deploy the cluster issuer, I used this config

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
  namespace: ingress-basic
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: myEmail
    privateKeySecretRef:
      name: letsencrypt-prod
    solvers:
    - http01:
        ingress:
          class: nginx

score 0 · Accepted Answer · answered Sep 29 '21 at 08:09

According to this github documentation try adding kind: <ClusterIssuer | Issuer > under issueref and make sure that clusterissuer and the certificate are getting created in the same namespace.

apiVersion: cert-manager.io/v1
kind: Certificate
Metadata:
  name: grafana-tls
  namespace: grafana
type: "kubernetes.io/tls" 
spec: 
  secretName: grafana-tls
  issuerRef: 
    name: letsencrypt-prod 
    kind: <ClusterIssuer | Issuer > 
dnsNames: 
   - mydomain.com

Refer to this similar issue for more information.

Kubernetes certificate with Letsencrypt

1 Answers1