Hello Team,
TLS certificate is not coming from Let's encrypt even the issuer is correctly working as below and certificates status shows in false state.
I am pasting the output of certificaterequest please help to get that certificate for our domain
k get issuer
NAME READY AGE
letsencrypt-kc-prod True 29h
letsencrypt-key-cloak-staging True 25m
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: letsencrypt-key-cloak-staging
namespace: default
spec:
acme:
email: "xyz@abc.com"
preferredChain: ""
privateKeySecretRef:
name: letsencrypt-key-cloak-staging
server: https://acme-staging-v02.api.letsencrypt.org/directory
solvers:
- http01:
ingress:
class: nginx
My domain is: idppreviewkc.centralus.cloudapp.azure.com
I ran this command:
It produced this output:
kubectl describe certificaterequest letsencrypt-key-cloak-tls
Status:
Conditions:
Last Transition Time: 2023-04-04T11:43:17Z
Message: Certificate request has been approved by cert-manager.io
Reason: cert-manager.io
Status: True
Type: Approved
Last Transition Time: 2023-04-04T11:43:17Z
Message: Waiting on certificate issuance from order default/letsencrypt-key-cloak-tls-j8bkd-483700965: "pending"
Reason: Pending
Status: False
Type: Ready
Events:
Type Reason Age From Message
Normal cert-manager.io 10m cert-manager-certificaterequests-approver Certificate request has been approved by cert-manager.io
Normal OrderCreated 10m cert-manager-certificaterequests-issuer-acme Created Order resource default/letsencrypt-key-cloak-tls-j8bkd-483700965
Normal OrderPending 10m cert-manager-certificaterequests-issuer-acme Waiting on certificate issuance from order default/letsencrypt-key-cloak-tls-j8bkd-483700965: ""
k get secrets | grep -i letsencrypt-key
letsencrypt-key-cloak-staging Opaque 1 237d
letsencrypt-key-cloak-tls Opaque 1 237d
letsencrypt-key-cloak-tls-qflh5 Opaque 1 34s
kubectl describe certificaterequest letsencrypt-key-cloak-tls
Status:
Conditions:
Last Transition Time: 2023-04-04T11:43:17Z
Message: Certificate request has been approved by cert-manager.io
Reason: cert-manager.io
Status: True
Type: Approved
Last Transition Time: 2023-04-04T11:43:17Z
Message: Waiting on certificate issuance from order default/letsencrypt-key-cloak-tls-j8bkd-483700965: "pending"
Reason: Pending
Status: False
Type: Ready
Events:
Type Reason Age From Message
Normal cert-manager.io 10m cert-manager-certificaterequests-approver Certificate request has been approved by cert-manager.io
Normal OrderCreated 10m cert-manager-certificaterequests-issuer-acme Created Order resource default/letsencrypt-key-cloak-tls-j8bkd-483700965
Normal OrderPending 10m cert-manager-certificaterequests-issuer-acme Waiting on certificate issuance from order default/letsencrypt-key-cloak-tls-j8bkd-483700965: ""
kubectl describe certificate letsencrypt-key-cloak-tls
Status:
Conditions:
Last Transition Time: 2023-04-04T11:43:17Z
Message: Issuing certificate as Secret does not contain a certificate
Observed Generation: 1
Reason: MissingData
Status: True
Type: Issuing
Last Transition Time: 2023-04-04T11:43:17Z
Message: Issuing certificate as Secret does not contain a certificate
Observed Generation: 1
Reason: MissingData
Status: False
Type: Ready
Next Private Key Secret Name: letsencrypt-key-cloak-tls-qflh5
Events:
Type Reason Age From Message
Normal Issuing 11m cert-manager-certificates-trigger Issuing certificate as Secret does not contain a certificate
Normal Reused 11m cert-manager-certificates-key-manager Reusing private key stored in existing Secret resource "letsencrypt-key-cloak-tls"
Normal Requested 11m cert-manager-certificates-request-manager Created new CertificateRequest resource "letsencrypt-key-cloak-tls-j8bkd"