non-acme api error: Context deadline exeeced #7444
Description
📢 This issue has been addressed in cert-manager 1.18.1: https://github.com/cert-manager/cert-manager/releases/tag/v1.18.1
ℹ Read the cert-manager 1.18 release-notes to learn more.
Describe the bug:
It's possible to get an context deadline exceeded error that is not related to acme. It would be useful to log more about the issue, like is it related to not able to reach the DNS server (Using RFC2136).
I1125 18:56:37.092253 1 dns.go:90] "presenting DNS01 challenge for domain" logger="cert-manager.controller.Present" resource_name="tikblog.sky.iki.fi-prod-tls-1-985049628-4164252823" resource_namespace="school" resource_kind="Challenge" resource_version="v1" dnsName="tikblog.sky.iki.fi" type="DNS-01" resource_name="tikblog.sky.iki.fi-prod-tls-1-985049628-4164252823" resource_namespace="school" resource_kind="Challenge" resource_version="v1" domain="tikblog.sky.iki.fi"
E1125 18:57:57.816028 1 sync.go:403] "error waiting for authorization" err="context deadline exceeded" logger="cert-manager.controller.acceptChallenge" resource_name="tikblog.sky.iki.fi-prod-tls-1-985049628-4164252823" resource_namespace="school" resource_kind="Challenge" resource_version="v1" dnsName="tikblog.sky.iki.fi" type="DNS-01"
E1125 18:57:57.816228 1 sync.go:240] "unexpected non-ACME API error" err="context deadline exceeded"
Expected behaviour:
Expected the error to say more, like DNS server not reacheable.
Steps to reproduce the bug:
- Dual-Stack DNS server
- Cluster having IPv6 routing issues to reach it
- DNS name used with both records types (A & AAAA)
- See issue.
Anything else we need to know?:
Environment details::
- Kubernetes version: Talos 1.8.0, Kubernetes 1.30.1
- cert-manager version: v1.16.2
- Install method: Helm
/kind bug