Reuse Let's Encrypt account with cert-manager

I have certbot configured to issue a wildcard certificate on my nginx server.
I have an OKD (OpenShift) cluster with cert-manager installed and I want to reuse the Let's Encrypt account configured on my nginx server to issue certificates with cert-manager.
I have configured a ClusterIssuer, but it doesn't become ready. I get the following condition:
ErrVerifyACMEAccount / Account private key is invalid: no data for "tls.key" in secret 'openshift-operators/letsencrypt-issuer-account-key'

Can someone help me get the existing account keys from my nginx server and configure the OKD secret with them?

My server is:
Ubuntu 16 / nginx with certbot configured with rfc2136 to issue wildcard certificates.
I want to reuse my account credentials on OKD 4.10, with "cert-manager". I have root shell on both.

2 Likes

Hello @lmiranda, welcome to the Let's Encrypt community. :slightly_smiling_face:

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Thank you for assisting us in helping YOU!

2 Likes

Is that necessary? Certain things like increased Rate Limits are tied to a Let's Encrypt account but otherwise there is no problem having multiple accounts requesting certs. Even for the same domain names.

So, unless you have special account privileges (you would know if you did), just start using cert-manager as if the first time.

5 Likes

I agree with this sentiment. But if you really really want to use the same account, the cert-manager devs or community might be a better place to ask for how to import an existing account key. I'm not sure any of the regulars here actually use cert-manager.

5 Likes
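For the import the original question asks about, here is an added example (not part of the thread, and not certbot or cert-manager code). It assumes the certbot account key file `private_key.json` holds an RSA key in JWK form and converts it to the PEM private key that cert-manager reads from the `tls.key` entry of the account secret; the function names are hypothetical.

```python
import base64
import json
import sys

# JWK members in the order of the PKCS#1 RSAPrivateKey structure (RFC 8017).
FIELDS = ("n", "e", "d", "p", "q", "dp", "dq", "qi")

def b64url_to_int(value):
    """Decode an unpadded base64url JWK member into an integer."""
    padded = value + "=" * (-len(value) % 4)
    return int.from_bytes(base64.urlsafe_b64decode(padded), "big")

def der_len(n):
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw

def der_int(n):
    """DER INTEGER; the extra byte keeps a set top bit from reading as a sign."""
    raw = n.to_bytes(n.bit_length() // 8 + 1, "big")
    return b"\x02" + der_len(len(raw)) + raw

def jwk_to_der(jwk):
    """Build the PKCS#1 RSAPrivateKey DER encoding from a private RSA JWK."""
    if jwk.get("kty") != "RSA":
        raise ValueError("only RSA account keys are handled here")
    missing = [f for f in FIELDS if f not in jwk]
    if missing:
        raise ValueError("JWK lacks private members: " + ", ".join(missing))
    body = der_int(0) + b"".join(der_int(b64url_to_int(jwk[f])) for f in FIELDS)
    return b"\x30" + der_len(len(body)) + body

def jwk_to_pem(jwk):
    """Wrap the DER key in a PEM envelope with 64-character lines."""
    b64 = base64.b64encode(jwk_to_der(jwk)).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN RSA PRIVATE KEY-----\n" + "\n".join(lines)
            + "\n-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    # argv[1]: path to certbot's private_key.json for the account to reuse
    with open(sys.argv[1]) as fh:
        sys.stdout.write(jwk_to_pem(json.load(fh)))
```

Run it as root against `/etc/letsencrypt/accounts/<server>/directory/<account-id>/private_key.json`, redirect the output to a file that only root can read, and load that file with `oc create secret generic letsencrypt-issuer-account-key -n openshift-operators --from-file=tls.key=<file>`. The ClusterIssuer has to point at the same ACME server the certbot account was registered with.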
