Skip to content

ClusterIssuer.cert-manager.io "letsencrypt" is invalid: spec.acme.privateKeySecretRef: Required value... #7845

New issue
New issue
Open
Open
ClusterIssuer.cert-manager.io "letsencrypt" is invalid: spec.acme.privateKeySecretRef: Required value...#7845
Labels
kind/bugCategorizes issue or PR as related to a bug.
@evanstucker-hates-2fa

Description

@evanstucker-hates-2fa
evanstucker-hates-2fa
opened on Jul 7, 2025

Describe the bug:
privateKeySecretRef.name is supposed to have a default of "tls.key" (see https://github.com/cert-manager/cert-manager/blob/6836b366e091b8c380751b9fc964938381dae7af/pkg/apis/acme/v1/types_issuer.go#L90C46-L90C53), but apparently that doesn't work, because I get this error when I don't specify it:

$ k get ks -n flux-system cert-manager-custom-resources 
NAME                            AGE   READY   STATUS
cert-manager-custom-resources   64m   False   ClusterIssuer/cert-manager/letsencrypt dry-run failed (Invalid): ClusterIssuer.cert-manager.io "letsencrypt" is invalid: spec.acme.privateKeySecretRef: Required value...

Expected behaviour:
privateKeySecretRef.name should default to "tls.key".

Anything else we need to know?:

Environment details:

  • Kubernetes version: v1.33.1+k0s
  • Cloud-provider/provisioner: k0s on bare metal
  • cert-manager version: 1.18.2
  • Install method: helm

/kind bug

Metadata

Metadata

Assignees

No one assigned

    Labels

    kind/bugCategorizes issue or PR as related to a bug.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions