Calls to .well-known every 5 seconds for more than 24 hours

I am receiving calls to .well-known every 5 seconds and have been for the last 24 hours.

The requests look like this:

“GET https://x.y.z/.well-known/acme-challenge/redacted” 403 554 “Go-http-client/2.0”

And as you can see the request is routed to my default pod which is a Java Spring server that responds with 403 Forbidden.

How can I stop these requests from being made?

Thank you!

My domain is:
Will disclose later if absolutely necessary

I ran this command:
Kubernetes cluster with cert-manager (currently uninstalled)

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is:
Was cert-manger 0.2.5 but currently uninstalled
When this is resolved I intend to use 0.7.0

Hi @bbzg

what ip address creates these requests?

:wave: Hi @bbzg, welcome to the community forum.

We have seen lots of bugs that end up generating excessive traffic to our ACME server from this version of cert-manager.

Are you 100% sure it is fully uninstalled? The ACME server wouldn't be making HTTP-01 validation requests without an ACME client POSTing challenges.

Can you share your domain name? It would make it possible for me to check the server-side logs to see what user agent is initiating the challenges to confirm whether it is cert-manager.

If it's just using a generic Go user-agent, it's not the Let's Encrypt validation servers.

Plus it's using HTTPS -- if it was from Let's Encrypt, there would be an equal number of HTTP requests as well.


Good point! Maybe its a self-check from certmanager?

1 Like

Thanks for the help guys <3,

I tracked it down to a misconfiguration in another cluster that had been configured with faulty subdomain.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.