cert-manager-operator

Cloudflare Acme Challenge broken

Open ruohki opened this issue 7 months ago • 1 comments

Hey, the ACME Cloudflare challenge does not finish properly. Manually deleting the TXT DNS entries works, but is a chore.

Here is the related issue in the cert-manager repo: https://github.com/cert-manager/cert-manager/issues/7540

In this issue, they state the fix is not going to get applied to cert-manager:1.15.x as it's EOL. Can we move on to 1.16.4+? https://github.com/cert-manager/cert-manager/pull/7651

I am on operator version 1.15.1

ruohki avatar May 05 '25 11:05 ruohki

@ruohki Thanks for bringing this up! cert-manager operator v1.16 release (based on upstream v1.16.4+) is targeted for late May or early June.

lunarwhite avatar May 06 '25 04:05 lunarwhite

Is there a workaround if we cannot upgrade Red Hat Cert Manager to 1.16.4? Most of our clients are seeing this issue and we need a temporary fix to use Red Hat Cert Manager.

Manually deleting the TXT record _acme_challenge created in Cloudflare by the Cert Manager didn't help, hence the question.

vsolasa avatar May 20 '25 19:05 vsolasa

> @ruohki Thanks for bringing this up! cert-manager operator v1.16 release (based on upstream v1.16.4+) is targeted for late May or early June.

Can Red Hat please give this a priority? It's inconvenient to manually delete TXT entries in the middle of an install, to pull certificates.

aroute avatar May 25 '25 19:05 aroute

Downstream cert-manager operator v1.16.0 shipped live on 2025/05/27 with the bugfix for the Cloudflare breaking issue. We'd encourage users to upgrade to 1.16 to get rid of the bug.

Please feel free to reopen it if you have any future issues.

/close

lunarwhite avatar Jun 20 '25 03:06 lunarwhite

@lunarwhite: Closing this issue.

In response to this:

> Downstream cert-manager operator v1.16.0 shipped live on 2025/05/27 with the bugfix for the Cloudflare breaking issue. We'd encourage users to upgrade to 1.16 to get rid of the bug.
>
> Please feel free to reopen it if you have any future issues.
>
> /close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

openshift-ci[bot] avatar Jun 20 '25 03:06 openshift-ci[bot]