Conditions:
Last Transition Time: 2023-01-23T11:41:16Z
Message: Certificate is up to date and has not expired
Observed Generation: 1
Reason: Ready
Status: True
Type: Ready
Last Transition Time: 2023-01-23T11:41:15Z
Message: Issuing certificate as Secret does not exist
Observed Generation: 1
Reason: DoesNotExist
Status: True
Type: Issuing
Next Private Key Secret Name: quickstart-example-tls-jc4j6
Not After: 2023-04-23T11:41:16Z
Not Before: 2023-01-23T11:41:16Z
Renewal Time: 2023-03-24T11:41:16Z
Events:
Type Reason Age From Message
Normal Issuing 42s cert-manager-certificates-trigger Issuing certificate as Secret does not exist
Normal Generated 42s cert-manager-certificates-key-manager Stored new private key in temporary Secret resource "quickstart-example-tls-jc4j6"
Normal Requested 41s cert-manager-certificates-request-manager Created new CertificateRequest resource "quickstart-example-tls-tdfqb"
Normal Issuing 41s cert-manager-certificates-issuing Issued temporary certificate
Hi @vishall1166, and welcome to the LE community forum
"Why i am getting temporary certificate?"
Because... There is no thing as a permanent certificate.
All certificates issued by all global CAs are "temporary".
Yes, I can see that--but the "not secure" indicates a specific error, which the browser has given somewhere, but the user hasn't shared with us. That's what I'm asking for.
It would seem that your web service is NOT using the (new) certificate.
This is obviously not the case, because the browser is showing the correct issue and expiration dates.
We should "start over". @vishall1166, you never got this "questionnaire" because you chose "Issuance Tech".
But this a a regular "Help" request and as such has been moved to "Help".
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command:
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
OK, so your site is using a self-signed cert that's also (for some reason) valid for 90 days. So what does your question have to do with Let's Encrypt?
It isn't; it's showing HTTPS. But since your site isn't using the Let's Encrypt certificate you got a month ago, but rather a self-signed certificate, you're getting a certificate error. Configure your site to use the correct cert and that error will go away. Nobody here can tell you how to do that--certainly not without your answers to the questions we've asked you.
cert-manager will create self-signed certfiicate by default:
this shows how to use acme protocal: but keep mind exemple config use staging env: change server to prod api https://acme-v02.api.letsencrypt.org/directory will do
looking at their tutorials it looks more like internal management (like smallstep) than get external certificate like certbot and acme is afterthought
