From 57b8332da200d5955aa0c5fab0bc555668c83ccc Mon Sep 17 00:00:00 2001 From: Edward Cheng Date: Thu, 20 Jun 2024 17:10:30 +1000 Subject: [PATCH] disable certificate issuing --- .../certificates/adguard-home.yaml | 120 +++++++++--------- 1 file changed, 63 insertions(+), 57 deletions(-) diff --git a/kubernetes/apps/cert-manager/certificates/adguard-home.yaml b/kubernetes/apps/cert-manager/certificates/adguard-home.yaml index 3d44f60..7b11936 100644 --- a/kubernetes/apps/cert-manager/certificates/adguard-home.yaml +++ b/kubernetes/apps/cert-manager/certificates/adguard-home.yaml @@ -1,58 +1,64 @@ -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: adguard-home-cert - namespace: cert-manager -spec: - # Secret names are always required. - secretName: adguard-home.cluster.edward.sydney-tls +#apiVersion: cert-manager.io/v1 +#kind: Certificate +#metadata: +# name: adguard-home-cert +# namespace: cert-manager +#spec: +# # Secret names are always required. +# secretName: adguard-home.cluster.edward.sydney-tls +# +# privateKey: +# algorithm: RSA +# encoding: PKCS1 +# size: 2048 +# +# # keystores allows adding additional output formats. This is an example for reference only. +# keystores: +# pkcs12: +# create: true +# passwordSecretRef: +# name: adguard-home-tls-keystore +# key: ${adguard_home_certificate_tls_keystore_password} +# profile: Modern2023 +# +# duration: 2160h # 90d +# renewBefore: 360h # 15d +# +# isCA: false +# usages: +# - server auth +# - client auth +# +# subject: +# organizations: +# - edward.sydney +# +# # The literalSubject field is exclusive with subject and commonName. It allows +# # specifying the subject directly as a string. This is useful for when the order +# # of the subject fields is important or when the subject contains special types +# # which can be specified by their OID. +# # +# # literalSubject: "O=jetstack, CN=example.com, 2.5.4.42=John, 2.5.4.4=Doe" +# +# # At least one of commonName (possibly through literalSubject), dnsNames, uris, emailAddresses, ipAddresses or otherNames is required. +# dnsNames: +# - "${adguard_home_certificate_dns_name}" +# - "*.${adguard_home_certificate_dns_name}" +# emailAddresses: +# - ${adguard_home_certificate_email} +# +# # Issuer references are always required. +# issuerRef: +# name: clusterissuer +# # We can reference ClusterIssuers by changing the kind here. +# # The default value is Issuer (i.e. a locally namespaced Issuer) +# kind: ClusterIssuer +# # This is optional since cert-manager will default to this value however +# # if you are using an external issuer, change this to that issuer group. +# group: cert-manager.io - privateKey: - algorithm: RSA - encoding: PKCS1 - size: 2048 - - # keystores allows adding additional output formats. This is an example for reference only. - keystores: - pkcs12: - create: true - passwordSecretRef: - name: adguard-home-tls-keystore - key: ${adguard_home_certificate_tls_keystore_password} - profile: Modern2023 - - duration: 2160h # 90d - renewBefore: 360h # 15d - - isCA: false - usages: - - server auth - - client auth - - subject: - organizations: - - edward.sydney - - # The literalSubject field is exclusive with subject and commonName. It allows - # specifying the subject directly as a string. This is useful for when the order - # of the subject fields is important or when the subject contains special types - # which can be specified by their OID. - # - # literalSubject: "O=jetstack, CN=example.com, 2.5.4.42=John, 2.5.4.4=Doe" - - # At least one of commonName (possibly through literalSubject), dnsNames, uris, emailAddresses, ipAddresses or otherNames is required. - dnsNames: - - "${adguard_home_certificate_dns_name}" - - "*.${adguard_home_certificate_dns_name}" - emailAddresses: - - ${adguard_home_certificate_email} - - # Issuer references are always required. - issuerRef: - name: clusterissuer - # We can reference ClusterIssuers by changing the kind here. - # The default value is Issuer (i.e. a locally namespaced Issuer) - kind: ClusterIssuer - # This is optional since cert-manager will default to this value however - # if you are using an external issuer, change this to that issuer group. - group: cert-manager.io \ No newline at end of file +#The certificate request has failed to complete and will be retried: +# Failed to wait for order resource "adguard-home-cert-1-1931876784" to become +# ready: order is in "errored" state: Failed to create Order: 429 urn:ietf:params:acme:error:rateLimited: +# Error creating new order :: too many certificates already issued for "edward.sydney". +# Retry after 2024-06-25T21:00:00Z: see https://letsencrypt.org/docs/rate-limits/ \ No newline at end of file