Hello,
I'm currently failing to issue certificates for subdomains; the API access seems to be configured correctly, though, since an attempt with only the main domain succeeded.
The goal is to provide an ejabberd server on my Kubernetes cluster at home.
I have made the following DNS settings:
xmpp | A | 83.142.91.142 # points to my home IP |
conference | CNAME | xmpp.meinedomain.de |
proxy | CNAME | xmpp.meinedomain.de |
pubsub | CNAME | xmpp.meinedomain.de |
upload | CNAME | xmpp.meinedomain.de |
_stun._tcp | SRV | 10 5 3478 xmpp.meinedomain.de |
_stun._udp | SRV | 10 5 3478 xmpp.meinedomain.de |
_stuns._tcp | SRV | 10 5 5349 xmpp.meinedomain.de |
_xmpp-client._tcp | SRV | 10 5 5222 xmpp.meinedomain.de |
_xmpp-server._tcp | SRV | 10 5 5269 xmpp.meinedomain.de |
_xmpps-client._tcp | SRV | 10 5 443 xmpp.meinedomain.de |
Here are a few configs and logs:
ingress.yml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ejabberd-http-ingress
  namespace: ejabberd-ns
  annotations:
    kubernetes.io/ingress.class: "public"
    nginx.ingress.kubernetes.io/rewrite-target: /
    cert-manager.io/cluster-issuer: netcup-issuer # The ClusterIssuer that issues the certificate
    cert-manager.io/acme-challenge-type: dns01
spec:
  rules:
    - host: meinedomain.de
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: ejabberd-internal
                port:
                  number: 5280
  tls:
    - hosts:
        - "meinedomain.de" # The certificate applies to the main domain
        # - "*.meinedomain.de" # Wildcard certificate for all subdomains
        - "conference.meinedomain.de"
        - "proxy.meinedomain.de"
        - "pubsub.meinedomain.de"
        - "upload.meinedomain.de"
      secretName: ejabberd-meinedomain-tls
kubectl -n ejabberd-ns events --watch
0s Normal OrderCreated CertificateRequest/ejabberd-meinedomain-tls-1 Created Order resource ejabberd-ns/ejabberd-meinedomain-tls-1-769472745
0s Normal OrderPending CertificateRequest/ejabberd-meinedomain-tls-1 Waiting on certificate issuance from order ejabberd-ns/ejabberd-meinedomain-tls-1-769472745: ""
0s Normal Created Order/ejabberd-meinedomain-tls-1-769472745 Created Challenge resource "ejabberd-meinedomain-tls-1-769472745-1165163020" for domain "meinedomain.de"
0s Normal Created Order/ejabberd-meinedomain-tls-1-769472745 Created Challenge resource "ejabberd-meinedomain-tls-1-769472745-2288106132" for domain "proxy.meinedomain.de"
0s Normal Created Order/ejabberd-meinedomain-tls-1-769472745 Created Challenge resource "ejabberd-meinedomain-tls-1-769472745-893561251" for domain "pubsub.meinedomain.de"
0s Normal Created Order/ejabberd-meinedomain-tls-1-769472745 Created Challenge resource "ejabberd-meinedomain-tls-1-769472745-2580783813" for domain "upload.meinedomain.de"
0s Normal Started Challenge/ejabberd-meinedomain-tls-1-769472745-2288106132 Challenge scheduled for processing
0s Normal Started Challenge/ejabberd-meinedomain-tls-1-769472745-893561251 Challenge scheduled for processing
0s Normal Started Challenge/ejabberd-meinedomain-tls-1-769472745-2580783813 Challenge scheduled for processing
0s Normal Presented Challenge/ejabberd-meinedomain-tls-1-769472745-2288106132 Presented challenge using DNS-01 challenge mechanism
0s Normal Presented Challenge/ejabberd-meinedomain-tls-1-769472745-893561251 Presented challenge using DNS-01 challenge mechanism
0s Normal Presented Challenge/ejabberd-meinedomain-tls-1-769472745-2580783813 Presented challenge using DNS-01 challenge mechanism
0s Normal DomainVerified Challenge/ejabberd-meinedomain-tls-1-995231938-3514114516 Domain "meinedomain.de" verified with "DNS-01" validation
1s Normal Started Challenge/ejabberd-meinedomain-tls-1-769472745-1165163020 Challenge scheduled for processing
0s Normal Presented Challenge/ejabberd-meinedomain-tls-1-769472745-1165163020 Presented challenge using DNS-01 challenge mechanism
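A way to read an event stream like the one above per challenge, as an added example that is not part of the original post: it groups the events by Challenge resource and reports which domains never reached DomainVerified, and which DomainVerified events have no matching "Created Challenge" line in the capture. The function names are hypothetical, and the embedded lines are a subset copied from the output in the post.

```python
import re
from collections import defaultdict

# Subset of the `kubectl events` lines shown in the post (sample input).
EVENTS = '''\
0s Normal Created Order/ejabberd-meinedomain-tls-1-769472745 Created Challenge resource "ejabberd-meinedomain-tls-1-769472745-1165163020" for domain "meinedomain.de"
0s Normal Created Order/ejabberd-meinedomain-tls-1-769472745 Created Challenge resource "ejabberd-meinedomain-tls-1-769472745-2288106132" for domain "proxy.meinedomain.de"
0s Normal Started Challenge/ejabberd-meinedomain-tls-1-769472745-2288106132 Challenge scheduled for processing
0s Normal Presented Challenge/ejabberd-meinedomain-tls-1-769472745-2288106132 Presented challenge using DNS-01 challenge mechanism
0s Normal DomainVerified Challenge/ejabberd-meinedomain-tls-1-995231938-3514114516 Domain "meinedomain.de" verified with "DNS-01" validation
1s Normal Started Challenge/ejabberd-meinedomain-tls-1-769472745-1165163020 Challenge scheduled for processing
0s Normal Presented Challenge/ejabberd-meinedomain-tls-1-769472745-1165163020 Presented challenge using DNS-01 challenge mechanism
'''

CREATED = re.compile(r'Created Challenge resource "([^"]+)" for domain "([^"]+)"')
VERIFIED = re.compile(r'Domain "([^"]+)" verified')

def summarize(text):
    """Return {challenge name: {"domain": str or None, "reasons": [reasons in order]}}."""
    chal = defaultdict(lambda: {"domain": None, "reasons": []})
    for line in text.splitlines():
        parts = line.split(None, 4)  # age, type, reason, object, message
        if len(parts) < 5:
            continue  # not an event row
        _age, _type, reason, obj, msg = parts
        kind, _, name = obj.partition("/")
        if kind == "Order" and (m := CREATED.search(msg)):
            chal[m.group(1)]["domain"] = m.group(2)
            chal[m.group(1)]["reasons"].append("Created")
        elif kind == "Challenge":
            chal[name]["reasons"].append(reason)
            if (m := VERIFIED.search(msg)) and chal[name]["domain"] is None:
                chal[name]["domain"] = m.group(1)
    return dict(chal)

def unverified_domains(summary):
    """Domains whose challenge was created in this capture but never verified."""
    return sorted(c["domain"] for c in summary.values()
                  if "Created" in c["reasons"] and "DomainVerified" not in c["reasons"])

def foreign_verifications(summary):
    """Challenges reported verified without a Created event in this capture."""
    return sorted(n for n, c in summary.items()
                  if "DomainVerified" in c["reasons"] and "Created" not in c["reasons"])

if __name__ == "__main__":
    s = summarize(EVENTS)
    print("unverified:", unverified_domains(s))
    print("verified without Created event:", foreign_verifications(s))
```

To run it on live data, pass the text of `kubectl -n ejabberd-ns events` to `summarize` instead of the embedded sample.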