Don't know how to refresh 'pending' certificate in K8s

My domain is: https://bizid-test.skyc.cloud/

I ran this command: kubectl get certs

It produced this output:
NAME                    READY   SECRET                  AGE
bizid-test-tls-secret   False   bizid-test-tls-secret   97d

Running kubectl describe challenges:
References a URL which returns a pending state:

and then error:
Reason: Waiting for HTTP-01 challenge propagation: wrong status code '404', expected '200'
Using cert-manager.io as the ClusterIssuer

What I want to know is if there is a way I can refresh the cert instead of creating a new one. I have been making changes to my deployment/ingress.yaml files, but I want to register the changes with the certificates. There doesn't seem to be a kubectl command for it.

It's not the certificate that's pending, it's the challenge response: Troubleshooting Issuing ACME Certificates | cert-manager

The general process internally will be:

  • begin certificate order with Let's Encrypt, get list of challenges we can solve
  • choose which challenges to solve (e.g. http-01) and prepare them (present the required challenge response at the required URL)
  • tell Let's Encrypt we are ready for them to check our answers. [this is the part where your system is stuck].

You need to figure out how to force cert-manager to submit pending challenges, or delete the cert order and start again.

4 Likes
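
A simplified readiness check for the second step above, as an added example (not from the thread and not cert-manager's own code): it fetches the HTTP-01 URL and reports the same kind of "wrong status code" reason when the route is missing. The local demo server, the token and the key authorization are constructed values so the check runs offline.

```python
import http.server
import threading
import urllib.error
import urllib.request

ACME_PATH = "/.well-known/acme-challenge/"  # HTTP-01 path defined by RFC 8555
# Ignore proxy environment variables so the check talks to the target directly.
_opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def self_check(base_url, token, expected_key, timeout=5):
    """Return (ok, reason) for one HTTP-01 challenge response."""
    url = base_url.rstrip("/") + ACME_PATH + token
    try:
        with _opener.open(url, timeout=timeout) as resp:
            status, body = resp.status, resp.read().decode().strip()
    except urllib.error.HTTPError as err:  # 4xx/5xx, e.g. ingress has no route
        return False, f"wrong status code '{err.code}', expected '200'"
    except OSError as err:  # DNS failure, refused connection, timeout
        return False, f"could not reach {url}: {err}"
    if status != 200:
        return False, f"wrong status code '{status}', expected '200'"
    if body != expected_key:
        return False, "response body does not match the expected key authorization"
    return True, "challenge response is served; safe to ask the CA to validate"

def start_demo_server(responses):
    """Constructed stand-in for an ingress: serves `responses` (path -> body), 404 otherwise."""
    class Handler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            key = responses.get(self.path)
            if key is None:
                self.send_error(404)
                return
            self.send_response(200)
            self.send_header("Content-Length", str(len(key)))
            self.end_headers()
            self.wfile.write(key.encode())
        def log_message(self, *args):  # keep the demo output quiet
            pass
    server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}"

if __name__ == "__main__":
    # Constructed token and key authorization, not values from the thread.
    srv, base = start_demo_server({ACME_PATH + "tok123": "tok123.thumbprint"})
    print(self_check(base, "tok123", "tok123.thumbprint"))   # routed correctly
    print(self_check(base, "tok-unrouted", "x"))             # the 404 case
    srv.shutdown()
```

Against a real cluster, `base_url` would be `http://` plus the domain on the certificate, and the token and key come from the Challenge resource shown by `kubectl describe challenges`.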

Hmm, what I did was delete the order, then applied a cert.yaml and restarted the pod and it worked after a few minutes, strange ... Thanks for the help!

2 Likes
