We're trying to set up a Terraform setup where a certificate is acquired using the letsencrypt provider, and then uploaded to Hetzner and used for a load balancer. However, since the Hetzner provider doesn't support in-place updates of the certificate data, we're unable to update the certificate when it's close to its expiration date.
More specifically, when the LE certificate gets re-issued, TF tries to destroy and re-create the Hetzner certificate, which in turn results in the following error, since the certificate is used by a load balancer:
Error: certificate still in use (service_error, xxxxxxxxxxxxxxx)
I don't know if it's possible to add support for updating existing certificates (since I don't see that option from the Hetzner Cloud UI either), so any help or alternative solutions to this would be greatly appreciated.
You should be able to rotate the certificate of a load balancer by creating a new certificate and updating the load balancer service with the new certificate.
Could you provide us with the Terraform code you use to perform this action?
The problem with that is that I don't control the renewal of the LE certificate, so once it gets renewed I don't have a good way to rotate it in this way without having to manually remove the hcloud certificate resource from the Terraform state, and create a new one with a different name.
I can't provide the exact Terraform code since we're using CDKTF, but here's a close equivalent:
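Added example, not code from this thread or from the provider's documentation: one way to express "create a new certificate, then update the load balancer service" in plain Terraform so that a renewal no longer fails on the destroy step. The variable names and the `lb-cert-` prefix are assumptions; the two PEM variables stand in for the outputs of whatever resource issues the Let's Encrypt certificate.

```hcl
# Assumed inputs: PEM material from the resource that issues the certificate.
variable "certificate_pem" {
  type = string
}

variable "private_key_pem" {
  type      = string
  sensitive = true # keep the key out of plan/apply output
}

variable "load_balancer_id" {
  type = string
}

resource "hcloud_uploaded_certificate" "lb" {
  # The name is derived from the certificate contents, so a renewed
  # certificate gets a new name and can exist next to the old one.
  name        = "lb-cert-${substr(sha256(var.certificate_pem), 0, 12)}"
  certificate = var.certificate_pem
  private_key = var.private_key_pem

  lifecycle {
    # Upload the replacement first; the old certificate is destroyed only
    # after resources that reference it have been updated.
    create_before_destroy = true
  }
}

resource "hcloud_load_balancer_service" "https" {
  load_balancer_id = var.load_balancer_id
  protocol         = "https"

  http {
    # Referencing the id turns a certificate replacement into an
    # in-place update of this service.
    certificates = [hcloud_uploaded_certificate.lb.id]
  }
}
```

The private key is written to the Terraform state regardless of the `sensitive` flag, so the state backend needs encryption and restricted access.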