Replies: 6 comments 5 replies
-
What do you get if you describe the orders? |
Beta Was this translation helpful? Give feedback.
-
So, I ended up So, not a great resolution. We'll see what happens at my next renewal in ~60d, but I expect it'll be fine. (So long as my DNS remains pointed at the right IP this time…) |
Beta Was this translation helpful? Give feedback.
-
Ran into a similar issue recently. To resolve this without deleting the |
Beta Was this translation helpful? Give feedback.
-
@irbekrm Might this be fixed by #4130 ? If so, stay tuned for cert-manager 1.5 in August. |
Beta Was this translation helpful? Give feedback.
-
I just ran into this as well, I deleted the Certificate and it successfully generated. I'm going to try to upgrade cert-manager |
Beta Was this translation helpful? Give feedback.
-
Any update on this guys? Did Cert-Manager 1.5.X solve this issue for you? Thanks. |
Beta Was this translation helpful? Give feedback.
-
Describe the bug:
I have an
Ingress
that is usingcert-manager
to issue a certificate; theCert
:As you can see by the
notAfter
or therenwalTime
, very expired. (I've anonymized the domain; it's not really forexample.com
.)The order it references in
status
doesn't exist:(those are to a different
Certificate
, which is also having the same problem.) I deleted theOrder
, since it seemed like it was wedged. It hadn't been able to verify the domain, and by the time I got to fixing it, the ACME order was expired, I think. So I deleted theOrder
since usually that causescert-manager
to just re-create it, and effectively, retry.There are no
Challenges
for this cert, either:At this point, I've also tried restarting
cert-manager
, and still, nothing. ThelastTransitionTime
on thestatus
keeps updating too, but I have no idea where it's getting thatOrder
?Honestly, I'm not sure if it's
cert-manager
or me. I've failed at ACME a few times, and usually deleting orders/challenges is sufficient to getcert-manager
to retry, once I've corrected the issue that is causing ACME to not happen.Expected behaviour: The cert to renew, eventually, of course.
Steps to reproduce the bug: I got into this state by having the domain name pointed at the wrong IP for a while, overlapping a renewal. (ISP outage resulted in an IP change.)
Anything else we need to know?: It might very well be PEBKAC.
Environment details::
/kind bug
Beta Was this translation helpful? Give feedback.
All reactions