Cert-manager pending: Indicates that the certificate is waiting for issuance

Help
1

Pending : Indicates that the certificate is not yet issued and is waiting for issuance.

We have created certificate, but it stuck in pending state to issue certificate, please do needful below i am sharing the full details.

Status:
Conditions:
Last Transition Time: 2023-03-13T06:43:11Z
Message: Certificate request has been approved by cert-manager.io
Reason: cert-manager.io
Status: True
Type: Approved
Last Transition Time: 2023-03-13T06:43:11Z
Message: Waiting on certificate issuance from order istio-system/infra-istio-certs-certificate-4bg7j-1400466720: "pending"
Reason: Pending
Status: False
Type: Ready
Events:

Order status:
Status:
Authorizations:
Challenges:
Token: N4WoTQnbdjO2WvGKYO9pN8cG9m_yaYeayWn7ZUttQCM
Type: dns-01
URL: https://acme-v02.api.letsencrypt.org/acme/chall-v3/206539857866/eTPkxQ
Identifier: voleer.io
Initial State: valid
URL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/206539857866
Wildcard: true
Challenges:
Token: 2gbCscFlcuSGzcVYtJl2llQC-ptYhIvdSJMtbcHSz7Q
Type: http-01
URL: https://acme-v02.api.letsencrypt.org/acme/chall-v3/210444976567/ieG11g
Token: 2gbCscFlcuSGzcVYtJl2llQC-ptYhIvdSJMtbcHSz7Q
Type: dns-01
URL: https://acme-v02.api.letsencrypt.org/acme/chall-v3/210444976567/rjDRZQ
Token: 2gbCscFlcuSGzcVYtJl2llQC-ptYhIvdSJMtbcHSz7Q
Type: tls-alpn-01
URL: https://acme-v02.api.letsencrypt.org/acme/chall-v3/210444976567/P_Hjdw
Identifier: voleer.io
Initial State: pending
URL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/210444976567
Wildcard: false
Finalize URL: https://acme-v02.api.letsencrypt.org/acme/finalize/90086950/169789857797
State: pending
URL: https://acme-v02.api.letsencrypt.org/acme/order/90086950/169789857797
Events:

My domain name id: https://voleer.io

2

Hello @Moses510, welcome to the Let's Encrypt community. :slightly_smiling_face:

Using this online tool https://unboundtest.com/ with _acme-challenge.voleer.io. as the input and looking at the TXT record I find these results https://unboundtest.com/m/TXT/_acme-challenge.voleer.io/H5RUVBWN

Query results for TXT _acme-challenge.voleer.io

Response:
;; opcode: QUERY, status: NOERROR, id: 44462
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;_acme-challenge.voleer.io.	IN	 TXT

;; ANSWER SECTION:
_acme-challenge.voleer.io.	0	IN	TXT	"\"heritage=external-dns,external-dns/owner=infra-istio-certs-external-dns,external-dns/resource=gateway/istio-system/infra-istio-gateway\""

----- Unbound logs -----
Mar 13 14:39:04 unbound[695942:0] notice: init module 0: validator
Mar 13 14:39:04 unbound[695942:0] notice: init module 1: iterator

This answer looks way off to me
_acme-challenge.voleer.io. 0 IN TXT ""heritage=external-dns,external-dns/owner=infra-istio-certs-external-dns,external-dns/resource=gateway/istio-system/infra-istio-gateway""

1 Like
3

Could you please suggest me to debug the issue.
What steps i need to follow debug this issue.

4

I do not know cert-manager.io , I do know that _acme-challenge.voleer.io. needs to contain a Token
see DNS-01 challenge of the Challenge Types - Let's Encrypt

So, kindly wait to see if there are more knowledgeable Let's Encrypt community volunteers willing to assist.

2 Likes
5

I don't know cert-manager very well either but you could review this while you wait to see if anyone else will offer help

3 Likes
6

Issue is resolved after upgrading the cert-manager version from 1.4.4 to 1.5.4

1 Like
7

And to me too [something went off the rails on that one].

I would delete that entry.
It's still there:

_acme-challenge.voleer.io       text =
""heritage=external-dns,external-dns/owner=infra-istio-certs-external-dns,external-dns/resource=gateway/istio-system/infra-istio-gateway""
3 Likes
8

Issue is resolved after upgrading the cert-manager version from v1.4.4 to v1.5.4

1 Like
9

I read that.
But the weird TXT remains.

3 Likes
10

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.