Getting a fake acme certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain

I ran this command:kubectl get cert

It produced this output:
example-app True example-app-tls 14m
My web server is (include version):

The operating system my web server runs on is (include version):nginx latest

My hosting provider, if applicable, is: go daddy

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):using cert manager in AKS

What should I follow to get a valid Certificate using cert-manage for acme.

You are probably using the Let's Encrypt staging endpoint instead of the production one.

Change this:

to this:


Hi @manojit123, and welcome to the LE community forum :slight_smile:

A cert was issued: |

But the site is not using that cert.
It showed a cert for "ingress.local".

Does cert-manager have a support channel?


Seems like the site has gone silent:
[even the HTTP site is gone]

curl -Ii
HTTP/1.1 404 Not Found
Date: Sat, 18 Mar 2023 03:07:33 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive

Also, note that the issued cert does NOT contain the "www".



Name:    *

You are correct on your findings rg305. I am able see a proper certificate and TLS secret in Kubernetes but some how the site is taking only ingress.local cert. Can you guide what I am missing with..

curl -Li

HTTP/1.1 200 OK

Date: Sat, 18 Mar 2023 04:26:54 GMT

Content-Type: text/html; charset=utf-8

Content-Length: 611

Connection: keep-alive

I am using

Do we need to add "www" in the common name of cert? is it mandatory requirement? Pls suggest is a go daddy domain name.. There is not server with that name. I have deployed a ingress with hostname as

I could fix the problem like changing the ingress hostname as Now it is working as expected.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.