Problem with cert-manager and first time install on kubernetes cluster

Last Transition Time: 2023-01-23T11:41:16Z
Message: Certificate is up to date and has not expired
Observed Generation: 1
Reason: Ready
Status: True
Type: Ready
Last Transition Time: 2023-01-23T11:41:15Z
Message: Issuing certificate as Secret does not exist
Observed Generation: 1
Reason: DoesNotExist
Status: True
Type: Issuing
Next Private Key Secret Name: quickstart-example-tls-jc4j6
Not After: 2023-04-23T11:41:16Z
Not Before: 2023-01-23T11:41:16Z
Renewal Time: 2023-03-24T11:41:16Z
Type Reason Age From Message

Normal Issuing 42s cert-manager-certificates-trigger Issuing certificate as Secret does not exist
Normal Generated 42s cert-manager-certificates-key-manager Stored new private key in temporary Secret resource "quickstart-example-tls-jc4j6"
Normal Requested 41s cert-manager-certificates-request-manager Created new CertificateRequest resource "quickstart-example-tls-tdfqb"
Normal Issuing 41s cert-manager-certificates-issuing Issued temporary certificate

That isn't a "temporary" certificate, it's a certificate that's valid for 90 days--which is all that Let's Encrypt issues. It will renew in 60 days,


What do you mean temporary? 90 days is the expected lifetime.

Does it work? Other issues?


Hi @vishall1166, and welcome to the LE community forum :slight_smile:

"Why i am getting temporary certificate?"
Because... There is no thing as a permanent certificate.
All certificates issued by all global CAs are "temporary".


it is not working. showing me 90 days period but not showing me https.


Then that is a use problem.
It would seem that your web service is NOT using the (new) certificate.


What's the actual error it's showing you?


Please tell us your domain name. We want to see ourselves.

A certificate with valid dates but recognized as unsafe can be a lot of different issues, starting with a wrong clock on your PC.


Maybe you can't see the image uploaded.
It shows:
"Not secure | https://..."


Yes, I can see that--but the "not secure" indicates a specific error, which the browser has given somewhere, but the user hasn't shared with us. That's what I'm asking for.

It would seem that your web service is NOT using the (new) certificate.

This is obviously not the case, because the browser is showing the correct issue and expiration dates.


That is a very good point.

We should "start over".
@vishall1166, you never got this "questionnaire" because you chose "Issuance Tech".
But this a a regular "Help" request and as such has been moved to "Help".

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):


my domain is ""

OK, so your site is using a self-signed cert that's also (for some reason) valid for 90 days. So what does your question have to do with Let's Encrypt?


why it still showing me http?

It isn't; it's showing HTTPS. But since your site isn't using the Let's Encrypt certificate you got a month ago, but rather a self-signed certificate, you're getting a certificate error. Configure your site to use the correct cert and that error will go away. Nobody here can tell you how to do that--certainly not without your answers to the questions we've asked you.


cert-manager will create self-signed certfiicate by default:

this shows how to use acme protocal: but keep mind exemple config use staging env: change server to prod api will do

looking at their tutorials it looks more like internal management (like smallstep) than get external certificate like certbot and acme is afterthought



Who hosts your site?
Who is the admin?


I am the admin. Please help me. How can I generate a certificate? Do I need to use cert-manager or certbot?

There may be more than one ACME client that fits your needs.

Please answer all of the questions:

And: Who manages the Kubernetes?