Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error presenting challenge cannot create resource "godaddy" in API group "acme.amprajin.in" at the cluster scope #25

Open
PRAJINPRAKASH opened this issue Mar 27, 2023 · 6 comments
Open

Error presenting challenge cannot create resource "godaddy" in API group "acme.amprajin.in" at the cluster scope #25

PRAJINPRAKASH opened this issue Mar 27, 2023 · 6 comments
Labels
question Further information is requested wontfix This will not be worked on

Comments

@PRAJINPRAKASH
Copy link

Error presenting challenge: godaddy.acme.amprajin.in is forbidden: User "system:serviceaccount:cert-manager:cert-manager" cannot create resource "godaddy" in API group "acme.amprajin.in" at the cluster scope

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    # ACME Server
    # prod : https://acme-v02.api.letsencrypt.org/directory
    # staging : https://acme-staging-v02.api.letsencrypt.org/directory
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    # ACME Email address
    email: [email protected]
    privateKeySecretRef:
      name: letsencrypt-staging # staging or production
    solvers:
    - selector:
        dnsNames:
        - '*.amprajin.in'
      dns01:
        webhook:
          config:
            apiKeySecretRef:
              name: godaddy-api-key
              key: token
            production: true
            ttl: 600
          groupName: acme.amprajin.in
          solverName: godaddy

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: wildcard-amprajin-in
spec:
  secretName: wildcard-amprajin-in-tls
  renewBefore: 240h
  dnsNames:
  - '*.amprajin.in'
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer
@spencertr
Copy link

did you figure this out? i have the same exact issue

@giacomotontini
Copy link

Have you tried creating a ClusterRole and a ClusterRoleBinding like someone else stated online here

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: dns-challenge-missing-role
rules:
- apiGroups: ["acme.amprajin.in"] # "" indicates the core API group
  resources: ["godaddy"]
  verbs: ["*"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: dns-challenge-missing-role-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: dns-challenge-missing-role
subjects:
- kind: ServiceAccount
  name: cert-manager
  namespace: cert-manager

@cmoulliard
Copy link
Member

Can we close this ticket if you have been able to resolve it ? @PRAJINPRAKASH

@cmoulliard cmoulliard added question Further information is requested wontfix This will not be worked on labels Sep 19, 2023
@ckt114
Copy link
Contributor

ckt114 commented Feb 4, 2024

This error happens when installing godaddy-webhook using the kubectl apply -f ... method. The cert-manager.yaml have the string acme.mycompany.com hard-coded for the groupName. What you have to do is download that file and replace that value with the value you want.

OR

Install it using Helm with helm upgrade --install -n cert-manager godaddy-webhook godaddy-webhook/godaddy-webhook --set groupName=acme.YOURCOMPANY.com

@cmoulliard
Copy link
Member

Can you propose a PR to improve the readme file of this project to warn the user and propose solutions as you suggested ? @ckt114

@ckt114
Copy link
Contributor

ckt114 commented Feb 9, 2024

@cmoulliard #42

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question Further information is requested wontfix This will not be worked on
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@cmoulliard @ckt114 @PRAJINPRAKASH @giacomotontini @spencertr