I have a problem with staging certificates. The environment is an openshift cluster and the actual version of cert-manager (1.8.0) as operator.
I have no problem with live certificates. That went well. I created an ClusterIssuer:
And a certificate-ressource:
- "my company"
("hyhost is only a placeholder here, I used the host from the route.) And as result I get a secret with the certificate. Nice.
Then I created a second Clusterissuer and used the staging api url:
The creation of both issuers went well.
But if I then use a certificate ressource for the staging environment (issuerRef with my staging clusterissuer), I do not get the certificate. I stays in state pending and if I open the challenge URL (https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/xyz) I get:
"detail": "Method not allowed",
I took a long look at the google university and found on letsencrypt zertifikate erstellen - fehlschlag - KeyHelp Community that there might be a difference between the live and staging APIs.
But I do not know the difference or what I have to change to get staging certifiates working. What I tried is to minimalize the issuer (no mail) and the certificate-ressource (deleting parts beginning with "duration" to the end).
Has anyone an idea?