gke-managed-certs: Certificate provisioning stuck on FAILED_NOT_VISIBLE

I got the controller to see the ingress annotations and it issued a few certificates, however they are stuck in FAILED_NOT_VISIBLE for a few hours now. The DNS is controlled in the same GCP project by Cloud DNS and is resolvable and reachable publicly so I’m not sure what the issue might be. Any extra information that might help?

About this issue

  • State: closed
  • Created 5 years ago
  • Reactions: 10
  • Comments: 18

Most upvoted comments

I have the same issue. It's been going on for 2 weeks now. I guess GCP sucks.

I have a certificate that got properly attached to a load balancer, and the DNS is pointing to the LB address, however the certificate is still stuck in FAILED_NOT_VISIBLE.

I was able to fix it by removing the ManagedCertificate object and the annotation on the ingress and then applying both again, it forces the process to restart.

It worked for me today to just specify the Google Managed Cert as a “pre-shared cert” as shown below:

ingress.gcp.kubernetes.io/pre-shared-cert: "fitpeak-app-alpha"

Didn’t realize that I had to attach the provisioning certificates to the HTTPS load balancer for them to become verified; I thought GCP would verify them based on the DNS pointing to the LB alone. The controller should automatically attach the certs to the LB frontend, right?

Do we need to create a certificate manually via the LoadBalancer, or does this service create a certificate which we need to attach to the LoadBalancer?

GKE managed certificate yaml

apiVersion: networking.gke.io/v1beta1
kind: ManagedCertificate
metadata:
  name: example-certificate
spec:
  domains:
    - example.com

Ingress

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: "example-ingress"
  annotations:
    kubernetes.io/ingress.global-static-ip-name: "example-static-ip"
    kubernetes.io/ingress.allow-http: "true"
    networking.gke.io/managed-certificates: "example-certificate"
spec:
  rules:
  - http:
      paths:
      - path: /*
        backend:
          serviceName: "example-service"
          servicePort: 80

I am facing the same issue. Any luck finding out why it is stuck in this state (FAILED_NOT_VISIBLE)?

It gets stuck sometimes. If you have the DNS and load balancer set up correctly, it should work. If it doesn’t, try deleting the certificate and adding it back.
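
The preconditions mentioned across the comments above (the ingress annotation naming the ManagedCertificate, DNS pointing at the load balancer address, the certificate attached to the HTTPS load balancer) can be checked together. This is an added example, not code from the thread or from the gke-managed-certs project; the sample objects, IP addresses, the `mcrt-placeholder` name and the `triage` helper are constructed, and the `status` field names are assumed to match what `kubectl get managedcertificate -o json` returns.

```python
# Constructed sample objects in the shape of `kubectl get ... -o json` output.
MCRT = {"metadata": {"name": "example-certificate"},
        "spec": {"domains": ["example.com", "www.example.com"]},
        "status": {"certificateName": "mcrt-placeholder",  # placeholder name
                   "certificateStatus": "Provisioning",
                   "domainStatus": [
                       {"domain": "example.com", "status": "FailedNotVisible"},
                       {"domain": "www.example.com", "status": "Active"}]}}
INGRESS = {"metadata": {"annotations": {
               "networking.gke.io/managed-certificates": "example-certificate"}},
           "status": {"loadBalancer": {"ingress": [{"ip": "203.0.113.10"}]}}}
# Constructed DNS answers (A and AAAA) and the certificates on the HTTPS proxy;
# in practice these would come from a resolver and from the load balancer config.
DNS = {"example.com": ["203.0.113.10", "2001:db8::1"],
       "www.example.com": ["203.0.113.10"]}
PROXY_CERTS = ["mcrt-placeholder"]

def norm(status):
    # Treat "FailedNotVisible" and "FAILED_NOT_VISIBLE" as the same state.
    return status.replace("_", "").lower()

def triage(mcrt, ingress, dns, proxy_certs):
    """Return (domain or None, finding) pairs for each unmet precondition."""
    findings = []
    name = mcrt["metadata"]["name"]
    ann = ingress["metadata"].get("annotations", {})
    listed = [n.strip() for n in
              ann.get("networking.gke.io/managed-certificates", "").split(",")]
    if name not in listed:
        findings.append((None, "ingress annotation does not reference " + name))
    lbs = ingress.get("status", {}).get("loadBalancer", {}).get("ingress", [])
    lb_ips = {entry["ip"] for entry in lbs if "ip" in entry}
    if not lb_ips:
        findings.append((None, "ingress has no load balancer IP yet"))
    cert = mcrt.get("status", {}).get("certificateName")
    if cert not in proxy_certs:
        findings.append((None, "certificate is not attached to the HTTPS proxy"))
    for ds in mcrt.get("status", {}).get("domainStatus", []):
        if norm(ds["status"]) != "failednotvisible":
            continue
        answers = dns.get(ds["domain"], [])
        stray = sorted(a for a in answers if a not in lb_ips)
        if not answers:
            findings.append((ds["domain"], "no DNS records"))
        elif stray:
            findings.append((ds["domain"], "records not pointing at the LB: " + ", ".join(stray)))
    return findings
```

With the constructed data, `triage(MCRT, INGRESS, DNS, PROXY_CERTS)` reports only the stray AAAA record on `example.com`, the kind of mismatch that is easy to miss when the A record already looks correct.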