ACME fail No ACME certificate generation required for domains

titansmc · November 7, 2022, 3:38pm

Hi,
I have a wildcard certificate for *.domain.de and when trying to add apps.domain.de cert it tells me that "No CAME cert generation required", is it because it finds a suitable certificate for that domain? What will happen when the *.domain.de expires? will it automatically trigger the generation of the new cert?
I don't plan to renew the wildcard cert but I would like to start moving the services to a individual domain certificates.

time="2022-11-07T13:22:55Z" level=debug msg="Try to challenge certificate for domain [apps.domain.de] found in HostSNI rule" rule="Host(`apps.domain.de`) && PathPrefix(`/pptop`)" providerName=sectigo.acme ACME CA="https://acme.sectigo.com/v2/OV" routerName=savitski-group-pptop-shiny-apps-embl-de-pptop@kubernetes
time="2022-11-07T13:22:55Z" level=debug msg="Try to challenge certificate for domain [apps.domain.de] found in HostSNI rule" ACME CA="https://acme.sectigo.com/v2/OV" routerName=websecure-savitski-group-pptop-shiny-apps-embl-de-pptop@kubernetes rule="Host(`apps.domain.de`) && PathPrefix(`/pptop`)" providerName=sectigo.acme
time="2022-11-07T13:22:55Z" level=debug msg="Looking for provided certificate(s) to validate [\"apps.domain.de\"]..." providerName=sectigo.acme ACME CA="https://acme.sectigo.com/v2/OV" routerName=arendt-group-evocelldb-apps-embl-de-evocelldb@kubernetes rule="Host(`apps.domain.de`) && PathPrefix(`/evocelldb`)"
time="2022-11-07T13:22:55Z" level=debug msg="No ACME certificate generation required for domains [\"apps.domain.de\"]." rule="Host(`apps.domain.de`) && PathPrefix(`/evocelldb`)" providerName=sectigo.acme ACME CA="https://acme.sectigo.com/v2/OV" routerName=arendt-group-evocelldb-apps-embl-de-evocelldb@kubernetes

bluepuma77 · November 7, 2022, 7:04pm

„No cert generation required“ usually happens when all required certs already exist in acme.json.

From the docs:

Traefik automatically tracks the expiry date of ACME certificates it generates.
By default, Traefik manages 90 days certificates, and starts to renew certificates 30 days before their expiry.

titansmc · November 8, 2022, 7:49am

Thanks!
The thing is that the wildcard certificate wasn't generated via ACME, was manually requested and mounted inside the container...but it seems to find that is existing already a certificate that fits the domain.
Cheers.

Topic		Replies	Views
Traefik - "No ACME certificate generation required for domains" Traefik v2 letsencrypt-acme	4	2695	September 13, 2021
Let's Encrypt - ACME, No new certificates are generated Traefik v2 letsencrypt-acme	9	3841	January 8, 2023
Unable to obtain ACME certificate for domains error unable to generate a certificate for the domains Traefik v3 (latest) docker , letsencrypt-acme	6	2465	June 1, 2024
Suddenly experiencing Error 400: Invalid Domain errors with LE Certs Traefik v2 letsencrypt-acme	3	1735	November 5, 2022
How do i generate separete certeficates ondemand on diff subdomains Traefik v2 letsencrypt-acme	7	322	January 29, 2023

ACME fail No ACME certificate generation required for domains

Related topics