Hi there, we use let's encrypt for custom domains on numerous websites that we host.
Many of our domains failed to renew this morning.
Our system is on Kubernetes and we use Cert Manager. We use the lua-resty-auto-ssl package.
My question is: How can we use the already issued 5 certs? I have heard this suggestion numberous times on these forums.
You'll see for our domain booking.keithreillyphotography.com, 5 certs were issued, OCSP is good. But the cert seems to not be returning because it keeps trying to issue
crt.sh | 9069310812
Here is a log: [lua] ssl_certificate.lua:291: auto-ssl: could not get certificate for booking.keithreillyphotography.com - using fallback - failed to get or issue certificate
Then we see these logs:
- Handling authorization for booking.keithreillyphotography.com
- Found valid authorization for booking.keithreillyphotography.com
- ssl_certificate.lua:291: auto-ssl: could not get certificate
- lets_encrypt.lua:40: issue_cert(): auto-ssl: dehydrated failed
This continues until the 5 cert limit per domain is hit
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
Not working examples:
I ran this command:
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you're using Certbot): Certmanager