weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity
268caa04f1
cert-manager/docs/reference/orders.rst
James Munnelly 170771f9be Add reference docs for Order and Challenge resources 
Signed-off-by: James Munnelly <james@munnelly.eu>
2019-01-15 16:40:38 +00:00

83 lines
3.2 KiB
ReStructuredText
Raw Blame History

======
Orders
======
Order resources are used by the ACME issuer to manage the lifecycle of an ACME
'order' for a signed TLS certificate.
When a Certificate resource is created that references an ACME issuer,
cert-manager will create an Order resource in order to obtain a signed
certificate.
As an end-user, you will never need to manually create an Order resource.
Once created, an Order cannot be changed. Instead, a new Order resource must be
created.
Debugging Order resources
=========================
In order to debug why a Certificate isn't being issued, we can first run
``kubectl describe`` on the Certificate resource we're having issues with:
.. code-block:: shell
$ kubectl describe certificate example-com
...
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Generated 1m cert-manager Generated new private key
Normal OrderCreated 1m cert-manager Created Order resource "example-com-1217431265"
We can see here that Certificate controller has created an Order resource to
request a new certificate from the ACME server.
Orders are a useful source of information when debugging failures issuing ACME
certificates. By running ``kubectl describe order`` on a particular order,
information can be gleaned about failures in the process:
.. code-block:: shell
$ kubectl describe order example-com-1248919344
...
Reason:
State: pending
URL: https://acme-v02.api.letsencrypt.org/acme/order/41123272/265506123
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Created 1m cert-manager Created Challenge resource "example-com-1217431265-0" for domain "test1.example.com"
Normal Created 1m cert-manager Created Challenge resource "example-com-1217431265-1" for domain "test2.example.com"
Here we can see that cert-manager has created two Challenge resources in order
to fulfil the requirements of the ACME order to obtain a signed certificate.
You can then go on to run
``kubectl describe challenge example-com-1217431265-0`` to further debug the
progress of the Order.
Once an Order is successful, you should see an event like the following:
.. code-block:: shell
$ kubectl describe order example-com-1248919344
...
Reason:
State: valid
URL: https://acme-v02.api.letsencrypt.org/acme/order/41123272/265506123
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Created 72s cert-manager Created Challenge resource "example-com-1217431265-0" for domain "test1.example.com"
Normal Created 72s cert-manager Created Challenge resource "example-com-1217431265-1" for domain "test2.example.com"
Normal OrderValid 4s cert-manager Order completed successfully
If the Order is not completing successfully, you can debug the challenges
for the Order by running ``kubectl describe`` on the Challenge resource.
For more information on debugging Challenge resources, read the
:doc:`challenge reference docs </reference/challenges>`.
Reference in New Issue View Git Blame Copy Permalink