joe1531

Reputation: 514

CertManager can't generate TLS certificate for my domain

I am deploying my application on a Scaleway Kapsule Kubernetes cluster and I am trying to generate a TLS certificate from Let's Encrypt using Cert-Manager. Here are my resources:


Secret:

apiVersion: v1
stringData:
  SCW_ACCESS_KEY: XXX
  SCW_SECRET_KEY: XXX
kind: Secret
metadata:
  name: scaleway-secret
type: Opaque
  

Issuer:

apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: scaleway
spec:
  acme:
    email: xxx
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    # for production use this URL instead
    # server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: scaleway-acme-secret
    solvers:
    - dns01:
        webhook:
          groupName: acme.scaleway.com
          solverName: scaleway
          config:
            accessKeySecretRef:
              key: SCW_ACCESS_KEY
              name: scaleway-secret
            secretKeySecretRef:
              key: SCW_SECRET_KEY
              name: scaleway-secret

Ingress:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-lb
  annotations:
    cert-manager.io/issuer: scaleway
    kubernetes.io/tls-acme: "true"
spec:
  rules:
    - host: mydomain.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: my-svc
                port:
                  number: 80
  tls:
  - hosts:
    - mydomain.example.com
    secretName: mydomain.example.com-cert
          

But I encounter a strange error that I did not find on the internet or in any of the forums:

Error presenting challenge: failed to update DNS zone recrds: scaleway-sdk-go: http error 403 Forbidden: domain not found

My domain is pointing to the IP of the load balancer as it should and it's working. What could it be?

Upvotes: 1

Views: 713

Answers (1)

gohm'c

Reputation: 15480

failed to update DNS zone recrds: scaleway-sdk-go: http error 403 Forbidden

Your role has no rights over the registered domain; see the documentation here.

Upvotes: 1
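
An added example, not part of the question or the answer: with a dns01 solver the step that fails is the provider API call that writes a TXT record, so the host's A record and load balancer are not involved. The sketch below computes the record a DNS-01 challenge needs (RFC 8555, section 8.4) and checks whether any zone the API key can see contains it. The key authorization and zone lists are constructed, and the zone lookup is an illustration, not the Scaleway webhook's own code.

```python
import base64
import hashlib

# Constructed sample values (not from the page): "<token>.<account key thumbprint>"
SAMPLE_KEY_AUTH = "constructed-token.constructed-thumbprint"
HOST = "mydomain.example.com"  # host from the Ingress in the question


def dns01_txt_record(host, key_authorization):
    """Return (record name, TXT value) for an ACME DNS-01 challenge."""
    host = host.rstrip(".").lower()
    if host.startswith("*."):  # wildcard names validate on the base name
        host = host[2:]
    digest = hashlib.sha256(key_authorization.encode("ascii")).digest()
    # TXT value is the unpadded base64url encoding of the SHA-256 digest
    value = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    return "_acme-challenge." + host, value


def zone_for(record_name, visible_zones):
    """Longest zone among those visible to the API key that contains record_name."""
    zones = {z.rstrip(".").lower() for z in visible_zones}
    labels = record_name.rstrip(".").lower().split(".")
    for i in range(len(labels)):  # try the most specific suffix first
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None


def explain(host, key_authorization, visible_zones):
    """Describe where the challenge record would go for this set of visible zones."""
    name, value = dns01_txt_record(host, key_authorization)
    zone = zone_for(name, visible_zones)
    if zone is None:
        return name + ": no zone visible to this API key, TXT record cannot be created"
    return name + " TXT " + value + " in zone " + zone


if __name__ == "__main__":
    # Constructed zone lists: first a key scoped to the right zone, then one that is not
    print(explain(HOST, SAMPLE_KEY_AUTH, ["example.com"]))
    print(explain(HOST, SAMPLE_KEY_AUTH, ["unrelated.example.org"]))
```
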
