Kubernetes cert-manager silently gives up after creating HTTP-01 challenge file?

Hey, so we have a thread in the Portuguese support category in which a user is stuck and I thought I would summarize the problem in English just to see if someone knows more about this.

This user is using the Kubernetes cert-manager and got this log entry:

I0329 19:16:49.167591       1 solver.go:87] cert-manager/acmesolver "msg"="got successful challenge request, writing key" "base_path"="/.well-known/acme-challenge" "host"="suporte.klavaecia.com.br" "path"="/.well-known/acme-challenge/JOs0RoZfu_XIKtVb2s1ZztgB3UjC8MnFL0KqQYgl8S0" "token"="JOs0RoZfu_XIKtVb2s1ZztgB3UjC8MnFL0KqQYgl8S0"

The HTTP-01 challenge file exists and is publicly accessible at this location (the challenge seems to me to have been correctly solved), but nothing else seems to have happened or gotten logged, and indeed the associated challenge (whose URL was identified with some kind of kubectl command) is still, at this moment, in pending state on the CA. So it seems like cert-manager never went on to inform the CA that the challenge had been satisfied.

Does anyone know why this might happen, or whether there is a command that would nudge it further along, or where we can find more logs in this environment that might help with debugging?

3 Likes
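
The reasoning in the opening post (a challenge that is still pending at the CA means the client never reported it as ready) can be checked from the order URL. The following is an added example, not code from the thread or from cert-manager; the function names, the example.test URLs and the sample JSON are constructed, and it assumes the CA answers plain GET requests for order and authorization resources.

```python
import json
import urllib.request

# RFC 8555 section 7.1.6: what each challenge status says about who acts next.
NEXT_STEP = {
    "pending": "client has not yet asked the CA to validate (no POST to the challenge URL)",
    "processing": "CA was notified and is validating",
    "valid": "CA validated this challenge",
    "invalid": "CA tried to validate and failed",
}

def fetch(url):
    """GET an ACME resource as JSON (assumes the CA permits unauthenticated GET)."""
    with urllib.request.urlopen(url, timeout=10) as resp:
        return json.load(resp)

def diagnose(order, get=fetch, ctype="http-01"):
    """Walk order -> authorizations -> challenges; return (host, status, meaning)."""
    findings = []
    for authz_url in order.get("authorizations", []):
        authz = get(authz_url)
        host = authz["identifier"]["value"]
        for ch in authz.get("challenges", []):
            if ch["type"] != ctype:
                continue
            meaning = NEXT_STEP.get(ch["status"], "unknown status")
            if ch["status"] == "invalid" and "error" in ch:
                meaning += ": " + ch["error"].get("detail", "")
            findings.append((host, ch["status"], meaning))
    return findings

def stuck_before_notify(order, get=fetch):
    """True for the thread's symptom: order pending, challenge never submitted."""
    return order.get("status") == "pending" and any(
        status == "pending" for _, status, _ in diagnose(order, get))

# Constructed sample data (placeholder URLs and host, not taken from the thread).
SAMPLE_ORDER = {"status": "pending",
                "authorizations": ["https://ca.example.test/authz/1"]}
SAMPLE_AUTHZ = {"https://ca.example.test/authz/1": {
    "identifier": {"type": "dns", "value": "www.example.test"},
    "status": "pending",
    "challenges": [{"type": "http-01", "status": "pending", "token": "constructed"},
                   {"type": "dns-01", "status": "pending", "token": "constructed"}]}}

if __name__ == "__main__":
    for row in diagnose(SAMPLE_ORDER, get=SAMPLE_AUTHZ.get):
        print(row)
```

Against a live CA, pass the order JSON from `fetch(order_url)` and leave `get` at its default.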

Do we have the order polling URL?

Some time ago I assisted a user whose client gave up checking too early and the order was eventually validated, but the client had given up in the meantime (it was win-acme, not cert-manager).

It's still pending, though: https://acme-v02.api.letsencrypt.org/acme/order/473503860/75541566130

1 Like

What is win acme?
I don't understand. How can I solve this?

win-acme is another ACME client; it has nothing to do with your issue.

1 Like

In cert-manager I have just ports 80 and 443, right?

I solved this problem. THANKS

3 Likes
