I am trying to generate new certificate but getting error

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: Information Technology

I ran this command: kubectl apply -f ingress.yml

It produced this output:

The certificate request has failed to complete and will be retried: Failed to wait for order resource "agi-tls-secret-sgbjn-1380026417" to become ready: order is in "invalid" state

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Welcome @Kynsai123

I think you would be better to ask the question on a Kubernetes forum (maybe like this one). People there will know how to get more debug info from using that system.

But, if you want us to help we need to know at least the public DNS domain name you are trying to get a cert for.


Hi Thanks for replying.
I am trying to get a certificate for this DNS "agi.centralindia.cloudapp.azure.com".
I'm using cert-manager to generate the certificate.

It's stucked here
Normal Requested 5m29s cert-manager Created new CertificateRequest resource "agi-tls-secret-6qtqd"

1 Like

Yeah, that really is just gibberish to me. No clue at all on even how to proceed from that. I second @MikeMcQ 's suggestion to ask help with this issue on a Kubernetes Community if you require help with getting more debugging information from cert-manager.


I can't reach the server for that domain name with http or https. Let's Encrypt servers must be able to reach that domain to validate your control of it. You will need Kubernetes experts to help with your server / environment setup. Also check any firewall.

You might also try the github for cert-manager. There is also this cert-manager debug page.


2 posts were split to a new topic: Could not issue an SSL/TLS certificate

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.