cert-manager: 6 certificaterequests are creating for one single certificate and causing daily limit to exceed

Hello, I am using cert-manager for the creation of certificate. cert-manager : 1.4 I am facing some strange issue , whenever triggering generation of one certificate , 6 certificaterequests are getting triggered. As it’s exceeding the daily limit of certificate generation request, generated certificates switches from valid to invalid in someinterval. below is the certificate yaml (redacted the project info.) I would like to fix it , can anyone help me to understand what’s going wrong in the request and how to remove multiple certificate requests and correspoding order of errored state. Keeping only one valid request , (As currently tried to remove the certificate request, it re-generate it again)

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: wildcard-certificate
  namespace: ingress
  labels:
    use-dns-solver: "true"
spec:
  commonName: "*.dev.xyz.com"
  secretName: wildcard-dev-certificate
  issuerRef:
    kind: ClusterIssuer
    name: letsencrypt-production
  dnsNames: ["*.dev.xyz.live","*.dev.xyz.com"]

About this issue

  • Original URL
  • State: closed
  • Created 3 years ago
  • Comments: 19

Most upvoted comments

Hi @irbekrm

Actually certificate keep on refering certificaterequest out of the list so sometimes it’s up but it refer to incorrect certificaterequest. then all the application in dev shows the incorrect ssl (invalid / expired certificate).

Below is the version of the command you gave :

cmctl version Client Version: util.Version{GitVersion:"v1.6.1", GitCommit:"5ecf5b5617a4813ea8115da5dcfe3cd18b8ff047", GitTreeState:"clean", GoVersion:"go1.17.1", Compiler:"gc", Platform:"darwin/amd64"} Server Version: &versionchecker.Version{Detected:"v1.5.0", Sources:map[string]string{"crdLabelVersion":"v1.5.0", "webhookPodImageVersion":"v1.5.0", "webhookPodLabelVersion":"v1.5.0", "webhookServiceLabelVersion":"v1.5.0"}}

Current pods status below seems to be restart of pods 12 hour ago : Screenshot 2022-01-07 at 13 00 55

also attaching logs : cert-manager-6b64fbf949-ssk7b.log

Kindly let me know in case you need any other details with respect to cert-manager, I really don’y know playing with github and changing labels and adding labels to it

+1
Snehil03 on Jan 7, 2022
Read more comments on GitHub
← aws-privateca-issuer: MissingAuthenticationToken: Request is missing Authentication Token
cert-manager: Acme challenge keeps failing due to propagation check failed →