PalmStoneGames / kube-cert-manager

Manage Lets Encrypt certificates for a Kubernetes cluster.
Apache License 2.0

Switching from ACME staging to prod reuses existing state and requires deleting data.db #66

Open ahmetb opened 7 years ago

ahmetb commented 7 years ago

When I modify the kube-cert-manager pod spec with the

-acme-url=https://acme-v01.api.letsencrypt.org/directory

argument, delete the TLS secret obtained during the staging configuration and deploy the new kube-cert-manager, it constantly keeps failing with the following error:

2017/04/25 16:43:39 [INFO][ng.alp.im] acme: Obtaining bundled SAN certificate
2017/04/25 16:43:40 Error while processing certificate during sync: Error while obtaining certificate for new domain ng.alp.im: acme: Error 400 - urn:acme:error:badNonce - JWS has invalid anti-replay nonce zT-Lj3iJ6j3XeJsS6ej2PcxdKoY-scuvwfsvwWbC1r8

It looks like somebody reported this before (#23) and suggested deleting the data.db directory in the persistent volume. This is not an ideal solution.

It looks like kube-cert-manager is not correctly namespacing the ACME prod/staging URLs. When I give it a new URL it hasn't seen before, it should not use any of the state recorded before.

luna-duclos commented 7 years ago

This is indeed a bug, kcm should be smart enough to realize its data.db belongs to another server and do the right thing. Either delete old data (not ideal) or namespace things (better).
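The namespacing approach suggested above, as an added Go example that is not kube-cert-manager's own code: account state is keyed by a hash of the canonicalized ACME directory URL, so pointing -acme-url at a server the store has never seen registers afresh instead of replaying staging state. The StagingDir constant, the in-memory map standing in for data.db, and the function names are assumptions.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"net/url"
	"strings"
)

// ProdDir is the URL from the issue; StagingDir is Let's Encrypt's v1 staging directory.
const (
	StagingDir = "https://acme-staging.api.letsencrypt.org/directory"
	ProdDir    = "https://acme-v01.api.letsencrypt.org/directory"
)

// Account is per-server registration state: a registration URI or nonce issued by
// staging is meaningless to prod, so it must never be reused across servers.
type Account struct{ RegistrationURI string }

// DirectoryKey lower-cases scheme and host, drops a trailing slash and hashes the
// canonical URL into a fixed-width bucket name; equivalent spellings share one key.
func DirectoryKey(dir string) (string, error) {
	u, err := url.Parse(dir)
	if err != nil || u.Scheme == "" || u.Host == "" {
		return "", errors.New("invalid ACME directory URL: " + dir)
	}
	canon := strings.ToLower(u.Scheme) + "://" + strings.ToLower(u.Host) + strings.TrimRight(u.Path, "/")
	sum := sha256.Sum256([]byte(canon))
	return "acme/" + hex.EncodeToString(sum[:8]), nil
}

// LoadOrRegister looks up the account stored under this directory's key (store is a
// hypothetical in-memory stand-in for data.db). When none exists it calls register,
// stores the result and reports fresh=true; it never hands back another server's state.
func LoadOrRegister(store map[string]*Account, dir string, register func() *Account) (acct *Account, fresh bool, err error) {
	k, err := DirectoryKey(dir)
	if err != nil {
		return nil, false, err
	}
	if a, ok := store[k]; ok {
		return a, false, nil
	}
	a := register()
	store[k] = a
	return a, true, nil
}
```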