acme-challenge conflict with TXT record

Asked May 24 '23 at 13:19

Active May 29 '23 at 06:44

Viewed 102 times

I'm using cert-manager on Kubernetes and I'm trying to use the acme-challenge for creating a wildcard certificate on our Kubernetes cluster using DNS solver, in my case it seems that Fastly already uses the acme-challenge TXT record. there are two solutions that I can think of but I'm not sure it's possible and I'd like to find more ideas and find out what is the best solution to resolve the issue.

Provide Fastly with the ACME account private key, in this case Fastly and cert-manager will use the same value of a acme TXT record - https://cert-manager.io/docs/configuration/acme/#reusing-an-acme-account, https://medium.com/quark-works/kubernetes-same-domain-ssl-with-dns-verification-using-lets-encrypt-e3e806644bf4
Use some other method on Fastly in order to validate ownership of the domains and generate a wildcard certificate
can I use the acme-challenge TXT record as a sub subdomain?

edited May 29 '23 at 06:44

asked May 24 '23 at 13:19

Maoz Zadok

4,871
3
33
43

Here is another example of the same issue https://community.letsencrypt.org/t/multiple-acme-challenge-and-cnames/183097 – Maoz Zadok May 24 '23 at 13:41
I work at Fastly and I reached out to our TLS support team and their had a few questions about your setup. The feedback loop on StackOverflow isn't ideal. Would be great if you could reach out to support@fastly and the team can help investigate for you. – Integralist May 25 '23 at 16:39
@Integralist, sure, I'll do that, thank you – Maoz Zadok May 29 '23 at 06:40

acme-challenge conflict with TXT record

0 Answers0