Questions tagged [acme]

85 questions
0 votes, 2 answers

Kubernetes Letsencrypt Cert-Manager Acme http-01 challenge propagation: wrong status code '404', expected '200'

Currently I am setting up a bare metal Kubernetes cluster containing two nodes with metallb as load balancer. The ingress I am using is nginx, also set up via helm: ```helm install nginx nginx/nginx``` I set up cert-manager via helm: ```helm install…
0 votes, 0 answers

Cert-Manager: renewing certificate not working

Folks, am trying to renew certificates for a wildcard domain, and am seeing the following errors when looking at the logs on the certmanager pod, and at the error in the certificaterequest Message: Waiting on certificate issuance from…
Cmag
0 votes, 1 answer

Can the ACME version 2 protocol be used to distribute SSL certificates (and keys) or only send new certificates?

ACME is used by some certificate authorities to process automated signing of certificate requests and issue resulting certificates. An increasing number of applications (e.g. Traefik) now have built-in support for ACME. This is very useful for…
Philip Couling
0 votes, 0 answers

My SSL certificate generates with Let's Encrypt but does not install

I'm using [this][1] library to generate SSL certificates. My storage generates 4 files: certificate.pem, private_key.pem, chain.pem, and fullchain.pem. I want to install this certificate in Acquia Cloud using their REST API post endpoint to install…
Sidney Sousa
0 votes, 0 answers

Lego / certbot + DNS Challenge in a CNAME scenario

I am trying to create a certbot / lego ACME client, which can create Let's Encrypt certificates with the DNS plugin for Route53. Let's Encrypt allows you to "redirect" a domain to another provider with a…
0 votes, 1 answer

Cannot import gym_wrapper for ACME, any solution?

Import of acme is successful, but not able to find gym wrapper class import acme from acme.wrappers import gym_wrapper Error Message while running ModuleNotFoundError Traceback (most recent call…
0 votes, 1 answer

cert-manager vs. ACME protocol

Trying to understand how cert-manager is different from the ACME protocol since both do the same thing. Does cert-manager use the ACME protocol? We have our domain DNS in GoDaddy, a Kubernetes cluster in Oracle Cloud OCI and cert-manager and we use…
kachwa
0 votes, 0 answers

can't load cert and key from storage: failed to get from node cache: connection refused

I am new to Kong. Now I am trying to auto create and renew SSL certificate with the help of the acme plugin. According to their official documentation I followed all the steps, but now it says 2022/01/07 12:23:44 [warn] 32#0: *2043 [kong] handler.lua:100…
0 votes, 1 answer

K8s Internal ACME server with cert-manager for issuing only internal k8s certs - http challenge issue

Is it possible to use cert-manager to generate a certificate for a workload only in a cluster with ACME server in one of the namespaces? As far as I understood, cert-manager tries to reach dns name via egressing the cluster and ingressing the cluster to…
Maciek Leks
0 votes, 1 answer

DNS challenge from traefik to PowerDNS

Trying to set up the DNS challenge to get a wildcard certificate. This is what our environment variables look like: environment: - TRAEFIK_ENTRYPOINTS_HTTP=true - TRAEFIK_ENTRYPOINTS_HTTP_ADDRESS=:80 - TRAEFIK_ENTRYPOINTS_HTTPS=true -…
Halil
0 votes, 1 answer

Automated ACME subdomain SSL certificate generation for resources on different IP addresses

I've been investigating the possibility of migrating to using Let's Encrypt to maintain the SSL certificates we have in place for the various resources we use for our operations. We have the following resources using SSL certificates: Main website…
G_Hosa_Phat
0 votes, 0 answers

cert-manager is trying to use dns-01 instead of https-01 resolver

I'm trying to issue certificates for my Kubernetes cluster through the cert-manager using the HTTP challenge verification. However, for some reason, the challenge order is trying to use the dns-01 verifier, which is not configured. I was trying to…
user1563721
0 votes, 0 answers

cert-manager with ZeroSSL creating multiple orders even if previous orders are ready

I'm using ZeroSSL account to create ACME certificates. I was able to get EAB credentials from ZeroSSL, which I added to the ClusterIssuer. apiVersion: cert-manager.io/v1alpha2 kind: ClusterIssuer metadata: name: zerossl-prod spec: acme: #…
nirvair
0 votes, 0 answers

Read SSL PEM generated file to get certificate expiry date

I'm using https://github.com/fszlin/certes to generate an SSL PEM file and private key, but throughout the process I can't seem to see where to get the certificate's expiry date (or even if it's in there). I have found the order expiry date which is…
Stuart Palmer
0 votes, 1 answer

How to solve x509: certificate has expired or is not yet valid when doing http requests

I have a web server that gets its certs from golang.org/x/crypto/acme/autocert I run it on a VM. Relevant code: cache := autocert.DirCache("cert") certManager := autocert.Manager{ Prompt: autocert.AcceptTOS, HostPolicy:…
TidStorm