1

I have an issue with cert-manager which prevents me from synchronizing the robot with the cloud cluster.

It seems that it is due to a certificate error. Is there some way I can solve it?

The logs of cert-manager:

1 controller.go:200] cert-manager/controller/orders "msg"="re-queuing item  due to error processing" "error"="error creating new order: acme: urn:ietf:params:acme:error:rateLimited: Error creating new order :: too many certificates already issued for exact set of domains: www.endpoints.guminator.cloud.goog: see https://letsencrypt.org/docs/rate-limits/" "key"="default/cloud-robotics-2181866887"
ESCoder

1 Answer

0

This is hitting the "Duplicate Certificate limit of 5 per week" mentioned at https://letsencrypt.org/docs/rate-limits/. https://tools.letsdebug.net/cert-search?m=domain&q=www.endpoints.guminator.cloud.goog&d=168 shows when the certificates were created.

For a short-term resolution: I'd hope it will start working again in the next few days, since the first certificates were issued on the 12th.

For a long-term resolution: Have you done anything that would cause this, for example deleting and recreating the cluster multiple times? If you need to do this regularly, you have two options:

Back up the certificate

https://cert-manager.readthedocs.io/en/release-0.9/tasks/backup-restore-crds.html suggests the following approach for backing up and restoring the configuration:

kubectl get -o yaml \
   issuer,clusterissuer,certificates,orders,challenges > cert-manager-backup.yaml
kubectl get -o yaml secret letsencrypt-prod > cert-manager-secret-backup.yaml

Then, to restore after recreating the cluster:

kubectl apply -f cert-manager-secret-backup.yaml

Caveat: I have not tested this approach.

Use the Staging environment

https://letsencrypt.org/docs/staging-environment/ states that the staging environment allows 30,000 duplicate certs per week. You'd need to:

Rodrigo Queiro
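An added example, not part of the answer above: it recognises the `rateLimited` error in the cert-manager log line from the question and estimates when the next order for the same domain set would fit under the limit. It assumes the "5 per week" duplicate limit behaves as a sliding 168-hour window, and the issuance timestamps are constructed sample data standing in for what the cert-search page shows.

```python
import re
from datetime import datetime, timedelta, timezone

LIMIT = 5                      # duplicate certificates per week, as quoted in the answer
WINDOW = timedelta(hours=168)  # assumption: sliding one-week window (d=168 in the search URL)

# ACME problem type plus the domain set named in the duplicate-certificate message.
RATE_RE = re.compile(
    r"urn:ietf:params:acme:error:(?P<type>\w+):.*?"
    r"exact set of domains: (?P<domains>[^:]+):"
)

# Error portion of the log line posted in the question.
SAMPLE_LOG = (
    '"error"="error creating new order: acme: urn:ietf:params:acme:error:rateLimited: '
    'Error creating new order :: too many certificates already issued for exact set of '
    'domains: www.endpoints.guminator.cloud.goog: see https://letsencrypt.org/docs/rate-limits/"'
)

# Constructed issuance times (UTC); real values come from the certificate search.
SAMPLE_ISSUED = [
    datetime(2019, 8, 12, 9, 0, tzinfo=timezone.utc),
    datetime(2019, 8, 12, 10, 0, tzinfo=timezone.utc),
    datetime(2019, 8, 12, 15, 0, tzinfo=timezone.utc),
    datetime(2019, 8, 13, 8, 0, tzinfo=timezone.utc),
    datetime(2019, 8, 14, 11, 0, tzinfo=timezone.utc),
]

def parse_rate_limit(log_line):
    """Return the sorted domain set for a duplicate-certificate rateLimited error, else None."""
    m = RATE_RE.search(log_line)
    if not m or m.group("type") != "rateLimited":
        return None
    return sorted(d.strip() for d in m.group("domains").split(","))

def next_allowed(issued, now):
    """Earliest time at which fewer than LIMIT certificates remain inside the window."""
    recent = sorted(t for t in issued if now - t < WINDOW)
    if len(recent) < LIMIT:
        return now
    # Wait until enough of the oldest certificates age out to leave LIMIT - 1 in the window.
    return recent[len(recent) - LIMIT] + WINDOW

if __name__ == "__main__":
    now = datetime(2019, 8, 16, 12, 0, tzinfo=timezone.utc)  # constructed "current" time
    print(parse_rate_limit(SAMPLE_LOG), next_allowed(SAMPLE_ISSUED, now).isoformat())
```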