Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: warn if old certificate challenges are present #283

Merged
merged 1 commit into from
Feb 13, 2024
Merged

feat: warn if old certificate challenges are present #283

merged 1 commit into from
Feb 13, 2024

Conversation

shreddedbacon
Copy link
Member

@shreddedbacon shreddedbacon commented Dec 20, 2023
edited
Loading

This adds an accordion that will present any ingress that have stale acme challenges. The accordion will only display if any are detected.

I've linked to the going-live documentation, but this could probably be better placed in its own section along with build errors and warnings maybe?

>> Lagoon detected routes that have stale acme certificate challenges.
  This indicates that the routes have not generated the certificate for some reason.
  You may need to verify that the DNS or configuration is correct for the hosting provider.
  https://docs.lagoon.sh/using-lagoon-the-basics/going-live/#routes-ssl
  Depending on your going live instructions from your hosting provider, you may need to make adjustments to your .lagoon.yml file
  Otherwise, If you no longer need these routes, you should remove them from your .lagoon.yml file.

> The route 'test.example.com' has stalled certificate challenge
  reason: order is in "errored" state: Failed to create Order: 400 urn:ietf:params:acme:error:rejectedIdentifier: Error creating new order :: Cannot issue for "test.example.com": The ACME server refuses to issue a certificate for this domain name, because it is forbidden by policy
> The route 'fail.example.com' has stalled certificate challenge
  reason: order is in "errored" state: Failed to create Order: 400 urn:ietf:params:acme:error:rejectedIdentifier: Error creating new order :: Cannot issue for "fail.example.com": The ACME server refuses to issue a certificate for this domain name, because it is forbidden by policy

@shreddedbacon shreddedbacon marked this pull request as ready for review December 20, 2023 23:24
@shreddedbacon shreddedbacon added the enhancement New feature or request label Dec 21, 2023
@shreddedbacon shreddedbacon force-pushed the warn-stale-challenges branch 2 times, most recently from 4e5958a to 7a62e3a Compare January 7, 2024 22:45
@shreddedbacon shreddedbacon added this to the 2.18.0 milestone Feb 6, 2024
@shreddedbacon shreddedbacon force-pushed the warn-stale-challenges branch 2 times, most recently from fe4410d to a7d5c6a Compare February 13, 2024 03:00
tobybellwood
tobybellwood approved these changes Feb 13, 2024
View reviewed changes
Copy link
Member

@tobybellwood tobybellwood left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This makes sense to me.

Happy to approve and push to test cluster for real-world verification

@shreddedbacon shreddedbacon merged commit 622c8e1 into main Feb 13, 2024
2 checks passed
@shreddedbacon shreddedbacon deleted the warn-stale-challenges branch February 13, 2024 05:33
@shreddedbacon shreddedbacon mentioned this pull request Feb 14, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tobybellwood tobybellwood tobybellwood approved these changes

Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
2.18.0
Development

Successfully merging this pull request may close these issues.
2 participants
@shreddedbacon @tobybellwood