I recently set up a fresh instance on v1.18 and, at fist, I had a misconfiguration in the docker-compose file causing the acme.json file to be mounted to an incorrect location on the Pangolin container. However, I copied the acme.json into the correct location, shut down the containers, fixed the volume mounts and restarted the containers and now most of my resources are showing "Certificate: Pending" (yellow). Only two of them are showing "Certificate: Valid" (green). The resources seem to be working fine otherwise.
Environment
OS Type & Version: Debian 13
Pangolin Version: 1.18.2
To Reproduce
Not sure.
Expected Behavior
The resources should show "Certificate: Valid" (green).
Originally created by @PHLAK on GitHub (May 6, 2026).
Original GitHub issue: https://github.com/fosrl/pangolin/issues/3010
### Describe the Bug
I recently set up a fresh instance on v1.18 and, at fist, I had a misconfiguration in the `docker-compose` file causing the `acme.json` file to be mounted to an incorrect location on the Pangolin container. However, I copied the `acme.json` into the correct location, shut down the containers, fixed the volume mounts and restarted the containers and now most of my resources are showing "Certificate: Pending" (yellow). Only two of them are showing "Certificate: Valid" (green). The resources seem to be working fine otherwise.
<img width="1306" height="1818" alt="Image" src="https://github.com/user-attachments/assets/f6469568-0370-42c6-b1e6-af7c2828d264" />
### Environment
- OS Type & Version: Debian 13
- Pangolin Version: 1.18.2
### To Reproduce
Not sure.
### Expected Behavior
The resources should show "Certificate: Valid" (green).
Would always recommend using dns validation over http, as http has a rate limit and can take some time between, Also info disclosure per https://crt.sh/
<!-- gh-comment-id:4389559744 -->
@AstralDestiny commented on GitHub (May 6, 2026):
Would always recommend using dns validation over http, as http has a rate limit and can take some time between, Also info disclosure per https://crt.sh/
https://docs.fossorial.io/Pangolin/Configuration/wildcard-certs
<!-- gh-comment-id:4389617391 -->
@PHLAK commented on GitHub (May 6, 2026):
> Would always recommend using dns validation over http
I believe I am using DNS validation. I have the following set in my `traefik_config.yml` config file.
```
certificatesResolvers:
letsencrypt:
acme:
dnsChallenge:
provider: cloudflare
email: [REDACTED]
storage: /letsencrypt/acme.json
caServer: https://acme-v02.api.letsencrypt.org/directory
```
Can you put traefik into trace logs and then down and up and check what traefik says for when it comes to acme generation? and does your amce.json show the wildcards properly?
<!-- gh-comment-id:4389774950 -->
@AstralDestiny commented on GitHub (May 6, 2026):
Can you put traefik into trace logs and then down and up and check what traefik says for when it comes to acme generation? and does your amce.json show the wildcards properly?
I found this comment and was able to clear out my certificates table (though I'm using Postgres) and all resources are showing "Certificate: Valid" (green) now.
<!-- gh-comment-id:4390391323 -->
@PHLAK commented on GitHub (May 6, 2026):
I found [this comment](https://github.com/fosrl/pangolin/issues/2935#issuecomment-4348272408) and was able to clear out my `certificates` table (though I'm using Postgres) and all resources are showing "Certificate: Valid" (green) now.
<img width="1276" height="1308" alt="Image" src="https://github.com/user-attachments/assets/22e5046a-202b-46a2-909e-649c2f017b4d" />
<!-- gh-comment-id:4393128068 -->
@oschwartz10612 commented on GitHub (May 7, 2026):
Yeah sorry guys! For anyone still effected that needs to clear the certs
to fix it you can try
https://docs.pangolin.net/self-host/advanced/container-cli-tool#clear-certificates
on 1.18.3
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
Originally created by @PHLAK on GitHub (May 6, 2026).
Original GitHub issue: https://github.com/fosrl/pangolin/issues/3010
Describe the Bug
I recently set up a fresh instance on v1.18 and, at fist, I had a misconfiguration in the
docker-composefile causing theacme.jsonfile to be mounted to an incorrect location on the Pangolin container. However, I copied theacme.jsoninto the correct location, shut down the containers, fixed the volume mounts and restarted the containers and now most of my resources are showing "Certificate: Pending" (yellow). Only two of them are showing "Certificate: Valid" (green). The resources seem to be working fine otherwise.Environment
To Reproduce
Not sure.
Expected Behavior
The resources should show "Certificate: Valid" (green).
@AstralDestiny commented on GitHub (May 6, 2026):
Would always recommend using dns validation over http, as http has a rate limit and can take some time between, Also info disclosure per https://crt.sh/
https://docs.fossorial.io/Pangolin/Configuration/wildcard-certs
@PHLAK commented on GitHub (May 6, 2026):
I believe I am using DNS validation. I have the following set in my
traefik_config.ymlconfig file.@AstralDestiny commented on GitHub (May 6, 2026):
Can you put traefik into trace logs and then down and up and check what traefik says for when it comes to acme generation? and does your amce.json show the wildcards properly?
@PHLAK commented on GitHub (May 6, 2026):
I found this comment and was able to clear out my
certificatestable (though I'm using Postgres) and all resources are showing "Certificate: Valid" (green) now.@oschwartz10612 commented on GitHub (May 7, 2026):
Yeah sorry guys! For anyone still effected that needs to clear the certs
to fix it you can try
https://docs.pangolin.net/self-host/advanced/container-cli-tool#clear-certificates
on 1.18.3