Found no Zones for wildcard domain in acme challenge

I’m getting this error in a wildcard domain certificate challenge:

Error presenting challenge: Found no Zones for domain _acme-challenge.my-domain.com. (neither in the sub-domain noir in the SLD) please make sure your domain-entries in the config are correct and the API is correctly setup with Zone.read rights.

I’m using Cloudflare as the DNS01 Challenge Provider in cert-manager and have set up the API token with the permissions described in the cert-manager documentation for Cloudflare.

My cluster issuer looks like this:

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: test-issuer
spec:
  acme:
    email: <email>
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: test-issuer-private-key
    solvers:
    - dns01:
        cloudflare:
          email: <email>
          apiTokenSecretRef:
            name: test-issuer-access-key
            key: api-token

And my certificate:

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: test-wildcard
spec:
  secretName: test-wildcard-tls
  issuerRef:
    name: test-issuer
    kind: ClusterIssuer
  dnsNames:
  - "*.my-domain.com"

I have a CNAME record with ‘*’ name that points to my domain and an A record that points to my Kubernetes cluster IP. Is there something else I need to set to be able to find the zone for the certificate challenge?
