When I had try to generate SSL through acme2

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: http://www.rossobrunello.co.in/

I ran this command: kubectl apply -f multi-app-ingress.yml

It produced this output: :- ingress.networking.k8s.io/kartify-chahak-ingress configured

My web server is (include version): Nginx ingress

The operating system my web server runs on is (include version): Kubernetes GKE

My hosting provider, if applicable, is: GKE

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

1 Like

Can you give the actual command line you're running, and the complete output?

It'll be formatted better if you put three backticks before and after it when entering it into this forum, like this:

command line
1 Like

Command Line : - kubectl apply -f multi-app-ingress.yml
Output is :- ingress.networking.k8s.io/kartify-chahak-ingress configured

1 Like

I've not actually managed to pick up Kubernetes myself, so you may need to wait for other people to help you and it may just be me not understanding, but I'm confused what part of the process here is trying to get a certificate? Is it something in that yml or other configuration that's trying? You said you were using acme.sh in the other thread, so where does that get called, and what is its output?

1 Like

Sir Its Urgent so need your help... for this SSL issue

1 Like

I'm probably not going to be able to help you more myself, as I'm not familiar with the technologies you're using and I'm not understanding what you're trying to do to get a certificate, but there are plenty of other friendly people here; one of them might be able to assist.


i have diagnose error Failure Time: 2021-04-15T08:32:01Z
Reason: Failed to create Order: 400 urn:ietf:params:acme:error:malformed: Error creating new order :: Order cannot contain more than 100 DNS names
State: errored

That seems pretty self-explanatory--a cert can't contain more than 100 DNS names. You'll need to split them into separate certs.


Please Guide me how to increase above 100 Multi-domain (SAN) Certificates because we have reached 100 DNS name.

I'm afraid you'll need to consult the Kubernetes documentation or other support resources for that question.


If you provide us to upgrade our limit more then 100 Multi-domain (SAN) Certificates, its better for all new clients and also join with you more clients. although you charged for your service.

That isn't my decision, but I can't imagine any scenario where you really need more than 100 names on a cert. You just need to learn how to use your software properly.

1 Like

There are some rate limits that you can apply to get extended, but I don't think names-per-certificate is one of them. My understanding is that doing even 100 at once taxes their server quite a bit as they need to validate each of the names and check CAA and so forth.

Pretty much any system working on that scale has a way to use a different certificate per name. This leads to shorter connection times for your users, too.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.