[GH-ISSUE #302] cert-manager acme-dns, testing, skip verify tls? #158

Open
opened 2026-03-13 15:58:46 +03:00 by kerem · 3 comments

Originally created by @bitsofinfo on GitHub (Apr 26, 2022).
Original GitHub issue: https://github.com/acme-dns/acme-dns/issues/302

Hi,
Not sure where to ask this, but I am testing the latest acme-dns w/ `tls = "letsencryptstaging"`, on startup it appears to get the certificate fine and presents it ok on `443`.

My question is I'm trying to test this setup using the [acme-dns solver](https://cert-manager.io/docs/configuration/acme/dns01/acme-dns/) w/ cert-manager. How can I configure the `acme-dns` solver to accept the self-signed certificate that `acme-dns` got from `letsencryptstaging` on boot?


@bitsofinfo commented on GitHub (Apr 26, 2022):

I'm getting this kind of error in cert-manager

```
I0426 15:33:09.736447       1 dns.go:355] cert-manager/challenges/Present/solverForChallenge "msg"="preparing to create ACMEDNS provider" "dnsName"="myapp.int.mytest99.net" "domain"="myapp.int.mytest99.net" "resource_kind"="Challenge" "resource_name"="myapp-int-ha901-net-cert-9xvcv-56847766-2596481006" "resource_namespace"="edg-apps" "resource_version"="v1" "type"="DNS-01"
I0426 15:33:09.736537       1 dns.go:102] cert-manager/challenges/Present "msg"="presenting DNS01 challenge for domain" "dnsName"="myapp.int.mytest99.net" "domain"="myapp.int.mytest99.net" "resource_kind"="Challenge" "resource_name"="myapp-int-ha901-net-cert-9xvcv-56847766-2596481006" "resource_namespace"="edg-apps" "resource_version"="v1" "type"="DNS-01"
E0426 15:33:09.736593       1 controller.go:166] cert-manager/challenges "msg"="re-queuing item due to error processing" "error"="account credentials not found for domain myapp.int.mytest99.net" "key"="edg-apps/myapp-int-ha901-net-cert-9xvcv-56847766-2596481006"
I0426 15:33:09.736720       1 logs.go:177] cert-manager/controller "msg"="Event(v1.ObjectReference{Kind:\"Challenge\", Namespace:\"edg-apps\", Name:\"myapp-int-ha901-net-cert-9xvcv-56847766-2596481006\", UID:\"XXXXXXX-93bc-4375-9a88-XXXXXX\", APIVersion:\"acme.cert-manager.io/v1\", ResourceVersion:\"22318508\", FieldPath:\"\"}): type: 'Warning' reason: 'PresentError' Error presenting challenge: account credentials not found for domain myapp.int.mytest99.net"
```

and nothing in the acme-dns server logs


@gbonnefille commented on GitHub (Apr 27, 2022):

> My question is I'm trying to test this setup using the [acme-dns solver](https://cert-manager.io/docs/configuration/acme/dns01/acme-dns/) w/ cert-manager. How can I configure the acme-dns solver to accept the self-signed certificate that acme-dns got from letsencryptstaging on boot?

Since you have checked that a given configuration can obtain the cert from Let's Encrypt Staging, why not simply switch to production? The cert will then be valid and accepted directly by cert-manager.


@maddes-b commented on GitHub (Sep 21, 2024):

Staging is for testing your initial setup.
After testing is done, then switch to LE prod for the real usage.

Close this issue if solved.
