I'm trying to create a wildcard cert via cert-manager for my domain.
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: ipa
spec:
  # Secret names are always required.
  secretName: ipa-tls
  duration: 2160h # 90d
  renewBefore: 360h # 15d
  subject:
    organizations:
      - example
  dnsNames:
    - example.com
    - '*.example.com'
  issuerRef:
    name: letsencrypt-staging-dns
    kind: ClusterIssuer
But when I try this, the cert-manager pod shows the error
E1023 21:59:17.992812 1 controller.go:158] cert-manager/controller/challenges "msg"="re-queuing item due to error processing" "error"="Zone com. not found in CloudFlare for domain _acme-challenge.example.com." "key"="wfs/ipa-m8tgc-3507745176-457016601"
What exactly is that error? The top level example.com and the wildcard *.example.com both go to the same IP address.
Edit - Added Issuer yaml
---
apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
  name: letsencrypt-staging-dns
spec:
  acme:
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    email: <redacted>
    privateKeySecretRef:
      name: letsencrypt-staging-dns
    solvers:
      - dns01:
          cloudflare:
            email: <redacted>
            apiTokenSecretRef:
              name: cloudflare-api-key
              key: api-token