问题描述
使用cert-manager申请免费证书报错:
kubectl get certificaterequests.cert-manager.io -o wide
NAME APPROVED DENIED READY ISSUER REQUESTOR STATUS AGE
five-time-cn-sbxft True False cert-manager-webhook-dnspod-clusterissuers system:serviceaccount:cert-manager:cert-manager Failed to wait for order resource "five-time-cn-sbxft-845965338" to become ready: order is in "errored" state: Failed to create Order: 429 urn:ietf:params:acme:error:rateLimited: Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: *.xxx.cn,xxx.cn, retry after 2022-08-30T22:25:13Z: see https://letsencrypt.org/docs/duplicate-certificate-limit/ 35s
问题分析
cert-manager会去Let's encrypt申请免费证书,但是Let's encrypt对相同重复证书的申请有次数限制。
问题解决
1.修改Certificate资源对象
$ vim cert-manager-webhook-dnspod-certificate.yaml
...
dnsNames:
- "xxx1.cn"
- "test.xxx1.cn"
...
参考文档
[1] https://letsencrypt.org/docs/duplicate-certificate-limit/ 如果您有其他问题,欢迎您联系火山引擎技术支持服务