Unable to obtain SAN certificates, error looks as if Istio is the problem

We are using Istio inside of an AKS cluster in Azure. When we request a single hostname certificate from Let’s Encrypt, everything is fine. If we try the same with a SAN certificate, we get this error:

istio-system   challenge.acme.cert-manager.io/########-tls-7fvxt-1808699049-703080384   pending   ########.com   azure.BearerAuthorizer#WithAuthorization: Failed to refresh the Token for request to https://management.azure.com/subscriptions/########/resourceGroups/########/providers/Microsoft.Network/dnsZones/########.com/TXT/_acme-challenge?api-version=2017-10-01: StatusCode=401 -- Original Error: adal: Refresh request failed. Status Code = '401'. Response body: {"error":"invalid_client","error_description":"AADSTS7000215: Invalid client secret is provided.\r\nTrace ID: 3d3dcca5-2f9b-4c94-91c8-0a51323b0f00\r\nCorrelation ID: 3b082dcc-0638-4aa8-8a40-c5b6f2d7dbdf\r\nTimestamp: 2021-02-23 15:13:30Z","error_codes":[7000215],"timestamp":"2021-02-23 15:13:30Z","trace_id":"3d3dcca5-2f9b-4c94-91c8-0a51323b0f00","correlation_id":"3b082dcc-0638-4aa8-8a40-c5b6f2d7dbdf","error_uri":"https://login.microsoftonline.com/error?code=7000215"}   14h

Has anyone seen this before?

Thanks in advance