Cert-Manager dns01 webhook for Oracle Cloud

Traefik Traefik v2
1

Hello,

I am trying to setup DNS01 Challenge for OCI in Cert Manager

I have created following components in sequence

apiVersion: v1
kind: Secret
metadata:
  name: oci-secret
  namespace: cert-manager
type: Opaque
data:
  tenancy: ****=
  user: ****=
  region: ***==
  fingerprint: ***
  privateKey: ***=
  privateKeyPassphrase: ""

#Taken From 
# [DEFAULT] 
# user=ocid1.user.oc1..##########
# fingerprint=#:#:#:#
# tenancy=ocid1.tenancy.oc1..########
# region=us-ashburn-1
# key_file=<path to your private keyfile>

---

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-oci
spec:
  acme:
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    email: admin@mycompany.com
    privateKeySecretRef:
      name: prod-cert
    solvers:
      - dns01:
          webhook:
            groupName: acme.d-n.be
            solverName: oci
            config:
              ociProfileSecretName: oci-secret

---

apiVersion: v1
kind: Secret
type: kubernetes.io/tls
metadata:
  name: prod-cert
  namespace: cert-manager
  annotations:
    kubed.appscode.com/sync: ""
data:
  ca.crt: ''
  tls.crt: ''
  tls.key: ''

---

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: prod-cert
  namespace: cert-manager
spec:
  commonName: '*.mydomain.io'
  secretName: prod-cert
  dnsNames:
    - '*.mydomain.io'
  issuerRef:
    name: letsencrypt-oci
    kind: ClusterIssuer
    group: cert-manager.io

---

After creating these resources I checked the status of CertificateRequest I see

Status:
  Conditions:
    Last Transition Time:  2023-07-28T17:38:15Z
    Message:               Certificate request has been approved by cert-manager.io
    Reason:                cert-manager.io
    Status:                True
    Type:                  Approved
    Last Transition Time:  2023-07-28T17:38:15Z
    Message:               Referenced issuer does not have a Ready status condition
    Reason:                Pending
    Status:                False
    Type:                  Ready
Events:
  Type    Reason           Age   From          Message
  ----    ------           ----  ----          -------
  Normal  cert-manager.io  16m   cert-manager  Certificate request has been approved by cert-manager.io
  Normal  IssuerNotReady   16m   cert-manager  Referenced issuer does not have a Ready status condition

Certificate Status

Status:
  Conditions:
    Last Transition Time:        2023-07-28T17:38:15Z
    Message:                     Issuing certificate as Secret does not contain a private key
    Observed Generation:         1
    Reason:                      MissingData
    Status:                      False
    Type:                        Ready
    Last Transition Time:        2023-07-28T17:38:15Z
    Message:                     Issuing certificate as Secret does not contain a private key
    Observed Generation:         1
    Reason:                      MissingData
    Status:                      True
    Type:                        Issuing
  Next Private Key Secret Name:  prod-cert-6ll5q
Events:
  Type    Reason     Age   From          Message
  ----    ------     ----  ----          -------
  Normal  Issuing    16m   cert-manager  Issuing certificate as Secret does not contain a private key
  Normal  Generated  16m   cert-manager  Stored new private key in temporary Secret resource "prod-cert-6ll5q"
  Normal  Requested  16m   cert-manager  Created new CertificateRequest resource "prod-cert-chs8q"

What I am missing here ?

2

What is OCI? This looks like k8s, I recommend to add an appropriate tag to your post.