Lets Encrypt certificate was renewed, but the secret was not replaced #3560
-
Hello everyone I created a cluster a while ago with Traefik and cert-manager (with Let's Encrypt certs) and now it should replace the certs for the first time. In the cert config they are configured without an ID, the renewed secrets/certs have an ID in their name (see comment below). ❯ kubectl -n default get certificates
NAME READY SECRET AGE
website-cert True website-cert 70d When I describe the certificate I get Spec:
...
Issuer Ref:
Kind: ClusterIssuer
Name: letsencrypt-prod
Secret Name: website-cert
Status:
Conditions:
Last Transition Time: 2020-10-29T18:15:08Z
Message: Certificate is up to date and has not expired
Reason: Ready
Status: True
Type: Ready
Last Transition Time: 2020-12-28T17:20:06Z
Message: Renewing certificate as renewal was scheduled at 2020-12-28 17:15:06 +0000 UTC
Reason: Renewing
Status: True
Type: Issuing
Next Private Key Secret Name: website-cert-qdd9f # <------
# this name with the ID would be correct... but may the wrong resource type?
# the old certificate/secret has the name website-cert without any ID in the suffix
Not After: 2021-01-27T17:15:06Z
Not Before: 2020-10-29T17:15:06Z
Renewal Time: 2020-12-28T17:15:06Z
Revision: 2
Events: <none> When I look at this I saw that my old cert was called Thank you for your help 🧐 |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 2 replies
-
|
Beta Was this translation helpful? Give feedback.
website-cert<-some-hash>
is only used to store the private key while waiting on the certificate to be signed. If you still see that secret it means it isn't fully issued yet might be worth checking https://cert-manager.io/docs/faq/troubleshooting/