Fix ZeroSSL configuration

A ZeroSSL configuration for CI was merged into main, but it doesn't work yet. Here's the relevant cert-manager logs:

I1129 15:36:11.952016       1 setup.go:111] cert-manager/controller/clusterissuers "msg"="generating acme account private key" "related_resource_kind"="Secret" "related_resource_name"="zerossl-prod" "related_resource_namespace"="cert-manager" "resource_kind"="ClusterIssuer" "resource_name"="zerossl-issuer" "resource_namespace"="" "resource_version"="v1" 
I1129 15:36:12.839796       1 setup.go:219] cert-manager/controller/clusterissuers "msg"="ACME server URL host and ACME private key registration host differ. Re-checking ACME account registration" "related_resource_kind"="Secret" "related_resource_name"="zerossl-prod" "related_resource_namespace"="cert-manager" "resource_kind"="ClusterIssuer" "resource_name"="zerossl-issuer" "resource_namespace"="" "resource_version"="v1" 
E1129 15:36:13.022144       1 setup.go:259] cert-manager/controller/clusterissuers "msg"="failed to register an ACME account" "error"="504 : <html>\r\n<head><title>504 Gateway Time-out</title></head>\r\n<body>\r\n<center><h1>504 Gateway Time-out</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n" "related_resource_kind"="Secret" "related_resource_name"="zerossl-prod" "related_resource_namespace"="cert-manager" "resource_kind"="ClusterIssuer" "resource_name"="zerossl-issuer" "resource_namespace"="" "resource_version"="v1" 
I1129 15:36:13.022238       1 conditions.go:95] Setting lastTransitionTime for Issuer "zerossl-issuer" condition "Ready" to 2021-11-29 15:36:13.022231136 +0000 UTC m=+20.585108328
E1129 15:36:13.022346       1 sync.go:60] cert-manager/controller/clusterissuers "msg"="error setting up issuer" "error"="504 : <html>\r\n<head><title>504 Gateway Time-out</title></head>\r\n<body>\r\n<center><h1>504 Gateway Time-out</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n" "resource_kind"="ClusterIssuer" "resource_name"="zerossl-issuer" "resource_namespace"="" "resource_version"="v1" 
E1129 15:36:13.037779       1 controller.go:163] cert-manager/controller/clusterissuers "msg"="re-queuing item due to error processing" "error"="504 : <html>\r\n<head><title>504 Gateway Time-out</title></head>\r\n<body>\r\n<center><h1>504 Gateway Time-out</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n" "key"="zerossl-issuer"

and kubectl describe clusterissuer zerossl:

Name:         zerossl-issuer
Namespace:    
Labels:       <none>
Annotations:  <none>
API Version:  cert-manager.io/v1
Kind:         ClusterIssuer
Metadata:
  Creation Timestamp:  2021-11-29T15:36:11Z
  Generation:          1
  Managed Fields:
    API Version:  cert-manager.io/v1
    Fields Type:  FieldsV1
    fieldsV1:
      f:metadata:
        f:annotations:
          .:
          f:kubectl.kubernetes.io/last-applied-configuration:
      f:spec:
        .:
        f:acme:
          .:
          f:externalAccountBinding:
            .:
            f:keyAlgorithm:
            f:keyID:
            f:keySecretRef:
              .:
              f:key:
              f:name:
          f:privateKeySecretRef:
            .:
            f:name:
          f:server:
          f:solvers:
    Manager:      kubectl-client-side-apply
    Operation:    Update
    Time:         2021-11-29T15:36:11Z
    API Version:  cert-manager.io/v1
    Fields Type:  FieldsV1
    fieldsV1:
      f:status:
        .:
        f:acme:
        f:conditions:
    Manager:         controller
    Operation:       Update
    Time:            2021-11-29T15:36:13Z
  Resource Version:  1482
  UID:               2c9201d6-cdef-4086-a9c8-10a0fc0a6301
Spec:
  Acme:
    External Account Binding:
      Key Algorithm:  HS256
      Key ID:         YEH34ghtuI35FgvA7skVWw
      Key Secret Ref:
        Key:          secret
        Name:         zerossl-eabsecret
    Preferred Chain:  
    Private Key Secret Ref:
      Name:  zerossl-prod
    Server:  https://acme.zerossl.com/v2/DV90
    Solvers:
      http01:
        Ingress:
          Class:  nginx
Status:
  Acme:
  Conditions:
    Last Transition Time:  2021-11-29T15:36:13Z
    Message:               Failed to register ACME account: 400 urn:ietf:params:acme:error:malformed: [External Account Binding] The account is not awaiting external account binding
    Observed Generation:   1
    Reason:                ErrRegisterACMEAccount
    Status:                False
    Type:                  Ready
Events:
  Type     Reason         Age                From          Message
  ----     ------         ----               ----          -------
  Warning  ErrInitIssuer  22m (x3 over 22m)  cert-manager  Error initializing issuer: 504 : <html>
<head><title>504 Gateway Time-out</title></head>
<body>
<center><h1>504 Gateway Time-out</h1></center>
<hr><center>nginx</center>
</body>
</html>

Edited Nov 29, 2021 by Maarten de Waard

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

Admin message

Fix ZeroSSL configuration