I’m getting this error in a wildcard domain certificate challenge:
Error presenting challenge: Found no Zones for domain _acme-challenge.my-domain.com. (neither in the sub-domain noir in the SLD) please make sure your domain-entries in the config are correct and the API is correctly setup with Zone.read rights.
I’m using Cloudflare as the DNS01 Challenge Provider in cert-manager and have set up the API token with the permissions described in the cert-manager documentation for Cloudflare.
My cluster issuer looks like this:
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: test-issuer
spec:
  acme:
    email: <email>
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: test-issuer-private-key
    solvers:
    - dns01:
        cloudflare:
          email: <email>
          apiTokenSecretRef:
            name: test-issuer-access-key
            key: api-token
And my certificate:
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: test-wildcard
spec:
  secretName: test-wildcard-tls
  issuerRef:
    name: test-issuer
    kind: ClusterIssuer
  dnsNames:
  - "*.my-domain.com"
I have a CNAME record with ‘*’ name that points to my domain and an A record that points to my Kubernetes cluster IP. Is there something else I need to set to be able to find the zone for the certificate challenge?