Letsencrypt blocking cert-manager v0.11?

Oh, okay, that’s good to hear. Did you just use the documentation to figure out what exactly to do?

That’s correct. This is the document I followed.

I followed those steps, and I see the request to letsencrypt for my cert but then I never get a response
certmanager v0.11

Normal Requested 34m cert-manager Created new CertificateRequest resource “MY-DOMAIN-com-tls-2721100191”
note this is stuck after 34m

From the logs
I1107 20:47:39.000655 1 sync.go:479] cert-manager/controller/certificates “level”=0 “msg”=“CertificateRequest is not in a final state, waiting until CertificateRequest is complete” “related_resource_kind”=“CertificateRequest” “related_resource_name”=“DOMAIN.XXXXX-com-tls-2721100191” “related_resource_namespace”=“DOMAIN” “resource_kind”=“Certificate” “resource_name”=“DOMAIN.XXXXX-com-tls” “resource_namespace”="" “state”=“Pending”

I reverted to v0.10.0 and I am up and running for now

We started seeing the same error on Tuesday:
E1108 18:51:27.547829 1 controller.go:180] certificates controller: Re-queuing item "" due to error processing: acme: urn:ietf:params:acme:error:rateLimited: Your ACME client is too old. Please upgrade to a newer version.

Then we upgraded to v 0.8.2 but the problem didn’t go away. Based on the discussion going on above, I should be able to get it working on v0.8.2.

Am I missing something, @JamesLE?

Hi, @fulhaq,

v0.8.2 will be OK. Is it possible that error message is stale, and your v0.8.2 installation hasn’t actually resubmitted the item?

Hi, welcome to the forum! From the cert-manager release page it looks like there was never a v0.8.2. I also see no entries from v0.8.2 in our logs. Are you sure you have the version number right?

James, thank you so much for your prompt response. It was indeed a problem with the incorrect version of cert-manager installed. I was able to bring it up to 10.1 and everything started working.

2 Likes

I had mis-typed the version. it was actually 0.7.2 that i had installed. My helm/fluxd was reverting cert-manager install to version 0.5.2. All started working once I upgraded to 0.10.1. I’m sure it would’ve worked with version 0.7.2 as well but I went ahead and installed the newer version of cert-manager. Thank you for your input!

2 Likes