Notes on administration and Python. Troubleshooting by "examples" and HOWTOs.

2 posts tagged

let’s encrypt

Kubernetes: configuring cert-manager with Cloudflare

Snippets for configuring cert-manager with Cloudflare

1. Create a secret with the Cloudflare API token (User Profile > API Tokens > API Tokens) in the cert-manager namespace:


apiVersion: v1
data:
  api-key: KEY_ON_BASE64
kind: Secret
metadata:
  name: cloudflare-api-key-secret
  namespace: cert-manager
type: Opaque

2. To issue a certificate, apply the following manifest:

apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
  name: letsencrypt-4admin-space
spec:
  acme:
    email: EMAIL_FOR_LETSENCRYPT
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: letsencrypt-4admin-space
    solvers:
      - selector: {}
        dns01:
          cloudflare:
            email: CLOUDFLARE_EMAIL
            apiTokenSecretRef:
              name: cloudflare-api-key-secret
              key: api-key

3. Certificate

apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
  name: 4admin-space
  namespace: default
spec:
  secretName: 4admin-space-tls
  issuerRef:
    name: letsencrypt-4admin-space
    kind: ClusterIssuer
  commonName: "*.4admin.space"
  dnsNames:
    - 4admin.space
    - "*.4admin.space"

4. nginx-ingress



Debugging problems with certificate issuance is covered in the official documentation.
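Added example (not part of the original post): a pre-apply check for the `api-key` value in the Secret from step 1. A token encoded with `echo` carries a trailing newline into the stored value, and the unedited `KEY_ON_BASE64` placeholder is not valid base64. The function names and the sample token are constructed for illustration, and GNU coreutils `base64` is assumed.

```shell
#!/bin/sh
# Added example; function names and the sample token are constructed.

# Encode a token for data.api-key. printf '%s' writes no trailing newline;
# tr removes the line wrapping that base64 applies to long input.
encode_token() {
    printf '%s' "$1" | base64 | tr -d '\n'
}

# Validate a data.api-key value before applying the manifest.
# Prints a diagnosis and returns 0 if usable, 1 otherwise.
check_encoded_token() {
    if ! printf '%s' "$1" | base64 -d >/dev/null 2>&1; then
        echo "not valid base64 (placeholder left in the manifest?)"
        return 1
    fi
    # Inspect the decoded bytes as hex: $(...) would strip a trailing newline.
    hex=$(printf '%s' "$1" | base64 -d | od -An -tx1 | tr -d ' \n')
    case "$hex" in
        "")            echo "decoded value is empty"; return 1 ;;
        *0a|*0d|*20)   echo "decoded value ends with whitespace"; return 1 ;;
    esac
    echo "ok"
}

# Demo on constructed values (not real credentials).
good=$(encode_token 'constructed-example-token')
bad=$(echo 'constructed-example-token' | base64)   # echo appends "\n"
for value in "$good" "$bad" "KEY_ON_BASE64"; do
    printf '%s -> ' "$value"
    check_encoded_token "$value" || true
done
```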

certbot ImportError: 'pyOpenSSL' module missing required functionality

If the following error occurs when trying to issue an SSL certificate with certbot on CentOS 7:


[admin ~]# certbot --nginx
Traceback (most recent call last):
  File "/usr/bin/certbot", line 9, in <module>
    load_entry_point('certbot==0.22.2', 'console_scripts', 'certbot')()
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 480, in load_entry_point
    return get_distribution(dist).load_entry_point(group, name)
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2693, in load_entry_point
    return ep.load()
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2324, in load
    return self.resolve()
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2330, in resolve
    module = __import__(self.module_name, fromlist=['__name__'], level=0)
  File "/usr/lib/python2.7/site-packages/certbot/main.py", line 20, in <module>
    from certbot import client
  File "/usr/lib/python2.7/site-packages/certbot/client.py", line 13, in <module>
    from acme import client as acme_client
  File "/usr/lib/python2.7/site-packages/acme/client.py", line 36, in <module>
    urllib3.contrib.pyopenssl.inject_into_urllib3()
  File "/usr/lib/python2.7/site-packages/urllib3/contrib/pyopenssl.py", line 112, in inject_into_urllib3
    _validate_dependencies_met()
  File "/usr/lib/python2.7/site-packages/urllib3/contrib/pyopenssl.py", line 147, in _validate_dependencies_met
    raise ImportError("'pyOpenSSL' module missing required functionality. "
ImportError: 'pyOpenSSL' module missing required functionality. Try upgrading to v0.14 or newer.


Fix it as follows:


pip uninstall requests
yum reinstall python-requests

pip uninstall six
yum reinstall python-six

pip uninstall urllib3
yum reinstall python-urllib3


 No comments    370   2018   CentOS 7   certbot   Error   let's encrypt   nginx   ssl