Cert Manager Cert Not Ready

CertManagerCertNotReady #

Meaning #

A certificate has not been ready to serve traffic for at least 10m. Typically this means the cert is not yet signed.

Impact #

If the cert is being renewed or there is another valid cert, the ingress controller should be able to serve that instead. If not, need to investigate why the certificate is not yet ready.

Diagnosis #

Check the certificates in the cluster with renewing status:

kubectl get certificates -A

Check the events of the object in detail:

kubectl describe certificates <certificate object>

Mitigation #

Ensure cert-manager is configured correctly, no ACME/LetsEncypt rate limits are being hit. Ensure RBAC permissions are still correct for cert-manager.

Source: https://gitlab.com/uneeq-oss/cert-manager-mixin/-/blob/eae22f642aaa5d422e4766f6811df2158fc05539/RUNBOOK.md