Not able to renew a certificate, the challenge stay in pending state

My setup has been working fine for at least one year without any modifications, suddently my cert was not renewed and I started to get an invalid cert page in the browser.

Checking the kubernetes resourses I noticed that one challenge was pending, I ran a describe to se the details of it and it has no events, no matter the time I wait, the state never change.

Everything else seems to be ok (orders, secrets, issuer, etc.) and as a Imentioned before, this was working fine for a lot of time.

This is the solver section of the challenge.

Solver:
dns01:
Cloud DNS:
Project: proyectid-hahsksd
Service Account Secret Ref:
Key: key.json
Name: service-account-in-k
Token: ---------a token-------------
Type: DNS-01
URL: https://acme-v02.api.letsencrypt.org/acme/chall-v3/134580656556/D05U6A
Wildcard: true
Events:

Could you please help me to fix the issue?

My domain is:
alpha11.nebulainsurancecloudengine.com

Example of use:
https://product.alpha11.nebulainsurancecloudengine.com/

I ran this command:
kubectl -n dev get challenges

It produced this output:
NAME STATE DOMAIN AGE
env-certificate-cnz alpha11.nebulainsurancecloudengine.com 5m22s

My web server is (include version):
Kubernetes GCP

The operating system my web server runs on is (include version):

I can login to a root shell on my machine (yes or no, or I don't know): yes

I see you got a wildcard cert just a couple hours ago. And, your server is sending out the new cert.

In the future, you might also try the below resources if no one here responds.

Troubleshooting cert-manager

cert-manager github

3 Likes