My configuration is as follows (the real domain name has been hidden):
01-cert-manager-certificate.yaml:
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: api-wildcard-tls
  namespace: default
spec:
  secretName: mydomain-top-tls
  commonName: mydomain.top
  dnsNames:
    - mydomain.top
    - "*.mydomain.top"
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer
02-cert-manager-clusterissuer-helm.yaml:
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    email: xxx@gmail.com
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: letsencrypt-prod-account-key
    solvers:
      - dns01:
          webhook:
            groupName: mydomain.top
            solverName: alidns-solver
            config:
              region: "cn-hangzhou"
              accessTokenSecretRef:
                key: access-token
                name: alidns-secrets
              secretKeySecretRef:
                key: secret-key
                name: alidns-secrets
Installation command is: helm install alidns-webhook cert-manager-alidns-webhook/alidns-webhook --namespace cert-manager --set groupName=mydomain.top
Abnormal information:
master-node-user@master-node:~$ kubectl describe challenge ${CHALLENGE_NAME} -n default
Name: api-wildcard-tls-1-3005100210-4160486914
Namespace: default
Labels:
Annotations:
API Version: acme.cert-manager.io/v1
Kind: Challenge
Metadata:
  Creation Timestamp: 2025-11-22T08:55:30Z
  Finalizers:
    acme.cert-manager.io/finalizer
  Generation: 1
  Owner References:
    API Version: acme.cert-manager.io/v1
    Block Owner Deletion: true
    Controller: true
    Kind: Order
    Name: api-wildcard-tls-1-3005100210
    UID: dffdcce9-516f-4317-a457-c6416d6c1c40
  Resource Version: 140656
  UID: c58f1d0d-a040-4df8-9180-2e2bd176d222
Spec:
  Authorization URL: https://acme-v02.api.letsencrypt.org/acme/authz/2819055426/616677770416
  Dns Name: mydomain.top
  Issuer Ref:
    Kind: ClusterIssuer
    Name: letsencrypt-prod
  Key: xxxxxxxxxxxxxxxxx
  Solver:
    dns01:
      Webhook:
        Config:
          Access Token Secret Ref:
            Key: access-token
            Name: alidns-secrets
          Region: cn-hangzhou
          Secret Key Secret Ref:
            Key: secret-key
            Name: alidns-secrets
        Group Name: mydomain.top
        Solver Name: alidns-solver
  Token: nc_qq6m7m-04yqNftwGtOVcybO_1i0ie-7H9UDNaqr0
  Type: DNS-01
  URL: https://acme-v02.api.letsencrypt.org/acme/chall/2819055426/616677770416/XddW8A
  Wildcard: false
Status:
  Presented: false
  Processing: true
  Reason: alicloud: error getting hosted zones: zone top. not found in AliDNS
  State: pending
Events:
  Type Reason Age From Message
  Normal Started 9m3s cert-manager-challenges Challenge scheduled for processing
  Warning PresentError 3m56s (x7 over 9m3s) cert-manager-challenges Error presenting challenge: alicloud: error getting hosted zones: zone top. not found in AliDNS