issue with dns challenges after disabling http challenges (disableHTTPChallengesRole)

[rd-michel]

There may be an issue with this for dns challenges. I had enabled the new chart feature to disable http challenges and was getting this error until I reverted it.

E0619 17:50:26.232436       1 reflector.go:166] "Unhandled Error" err="k8s.io/client-go@v0.32.0/tools/cache/reflector.go:251: Failed to watch *v1.PartialObjectMetadata: failed to list *v1.PartialObjectMetadata:
 pods is forbidden: User \"system:serviceaccount:cert-manager:cert-manager\" cannot list resource \"pods\" in API group \"\" at the cluster scope" logger="UnhandledError"
W0619 17:50:42.046253       1 reflector.go:569] k8s.io/client-go@v0.32.0/tools/cache/reflector.go:251: failed to list *v1.PartialObjectMetadata: services is forbidden: User "system:serviceaccount:cert-manager:c
ert-manager" cannot list resource "services" in API group "" at the cluster scope

Originally posted by @bdrewery in #7666 (comment)

[wasd171]

Same issue, we do not use HTTP challenges, so we decided to disable them, but then cert-manager was unable to use the DNS challenge

[erikgb]

FYI we are working on fixing this issue.

[erikgb]

This new feature was reverted in #7836, and the original issue (#7598) it was trying to resolve has been reopened.

I suggest closing this issue for now, and hopefully we can provide a better solution for cert-manager 1.19.