Our clusterissuer is pointing to the domain "*.cp.
". But during the renewal looking at the cert-manager pod's logs it is trying to send the ACME DNDS challenge to another domain "*.cp.iicsqa.uswest2.cloudtrust.rocks."
kind: Certificate
metadata:
creationTimestamp: 2019-02-27T09:41:41Z
generation: 1
name: prometheus-ssl-cert
namespace: lamm
ownerReferences:
- apiVersion: extensions/v1beta1
blockOwnerDeletion: true
controller: true
kind: Ingress
name: monitoringaddon-prometheus-prometheus
uid: e305ff4d-3a73-11e9-b3bb-0258b2ac4fb6
resourceVersion: "88181370"
uid: e3088cd5-3a73-11e9-b3bb-0258b2ac4fb6
spec:
acme:
config:
- dns01:
provider: route53
domains:
- prometheus.cp.product.qa.uswest2.cloudtrust.rocks
commonName: ""
dnsNames:
- prometheus.cp.product.qa.uswest2.cloudtrust.rocks
issuerRef:
kind: ClusterIssuer
name: certissueraddon-ct-acme-issuer
secretName: prometheus-ssl-cert
status:
acme:
order:
challenges:
dns01:
provider: route53
domain: prometheus.cp.iicsqa.uswest2.cloudtrust.rocks
key: _hdajkhcfdsjkcdsjcGKHKDKjkdshdkjahkajshcksjdcnsdkj
token: WHJKJFCJKdjkhcskjdhcvkjdhckjsvjrhsjcksjcnkJKJJK
type: dns-01
wildcard: false
conditions:
- lastTransitionTime: 2019-06-11T10:05:22Z
message: "Failed to clean up previous order: Failed to change Route 53 record
set: InvalidChangeBatch: [Tried to delete resource record set [name='_acme-challenge.prometheus.cp.iicsqa.uswest2.cloudtrust.rocks.',
type='TXT'] but it was not found]\n\tstatus code: 400, request id: 30b7b3a2-29c2-46f1-bef3-ae15882a7393"
reason: ValidateError
status: "False"
type: Ready
- lastTransitionTime: null
message: Order validated
reason: OrderValidated
status: "False"
type: ValidateFailed