Auto Renewal of cert-manager certificate is not happening

naresh.ede · August 3, 2023, 8:21am

Hi,

Please let us know how to resolve the issue of auto renewal of kubernetes cert-manager

Below is the error msg which we are getting.

cert-manager/controller/certificaterequests-issuer-vault "msg"="re-queuing item due to optimistic locking on resource" "key"="cert-manager/cert-manager-certificate-rv2hb" "error"="Operation cannot be fulfilled on certificaterequests.cert-manager.io "cert-manager-certificate-rv2hb": the object has been modified; please apply your changes to the latest version and try again"

Steps : We have installed latest version cert-manager v1.6.1 wit helm.
We have also upgraded cluster in the staging env.

We tried this yaml file

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: cert-manager-certificate
namespace: cert-manager
spec:
secretName: laika-staging-tls
duration: 2160h # 90 days (adjust as needed)
renewBefore: 360h # 15 days before expiration, cert-manager will attempt renewal
commonName: laika-staging
dnsNames:
- laika-staging.projectmetro.io
issuerRef:
group: cert-manager.io
kind: ClusterIssuer # Use "ClusterIssuer" if you are referencing a ClusterIssuer.
name: letsencrypt-prod

Please help us for auto renewing the certificates which it is going to expire on Aug 08th 2023.

Thanks
Naresh

rg305 · August 3, 2023, 9:49am

Hi @naresh.ede, and welcome to the LE community forum

I don't see the cert that is expiring:

Also: moved topic to "HELP" category

naresh.ede · August 3, 2023, 12:33pm

Hi ,

Please find the below certificate details which is expired on 19th May 2023. We are working on extension time, help us out to resolve this.

"creationTimestamp": "2023-04-12T23:00:03.498-07:00",
"expireTime": "2023-05-18T14:34:59.000-07:00",
"id": "1888967619669271692",
"kind": "compute#sslCertificate",
"name": "k8s2-cr-nttmcovu-kl7uqvqnbzn2bjqy-97dd8056bb1c4472",
"selfLink": "projects/leafy-trainer-177311/global/sslCertificates/k8s2-cr-nttmcovu-kl7uqvqnbzn2bjqy-97dd8056bb1c4472",
"selfManaged": {

Thanks
Naresh

naresh.ede · August 3, 2023, 12:34pm

Hi,

Please find the certificate expiry details screenshot

Thanks
Naresh

naresh.ede · August 17, 2023, 6:08am

Hi Team,

Post debugging we found that we have the below issue in staging environment.

error : Error syncing to GCP: error running load balancer syncing routine: error initializing translator env: secrets "laika-staging-tls" not found

Please help us out in resolving this issue.

Thanks
Naresh

naresh.ede · August 17, 2023, 6:09am

Hi

Please find another screenshot.

Thanks
Naresh

MikeMcQ · August 17, 2023, 1:28pm

That is a problem with your GCP configuration. This is not the best forum to help with that.

I googled parts of the error message and see suggestions on other forums.

A couple are:

system · September 16, 2023, 1:28pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Kubernetes cert-manager fails to auto renew certificates Help	1	982	February 10, 2021
SSL certificate auto renew Help	3	455	April 5, 2023
AWS EKS Letsencrypt - ACME certificates expired and unable to renew automatically Help	2	924	August 5, 2023
Certificate renewal using cert-manager on kubernetes cluster Help	3	4077	January 22, 2020
TLS on kubernetes is not getting auto renewed Help	9	1915	July 6, 2022

Auto Renewal of cert-manager certificate is not happening

Related topics