CertManagerHittingRateLimits #
Meaning #
Cert-manager is being rate-limited by the ACME provider. Let’s Encrypt rate limits can last for up to a week.
Let’s Encrypt suggest the application process for extending rate limits can take a week. Other ACME providers could likely have different rate limits.
Impact #
There could be up to a weeks delay in provisioning or renewing certificates, depending on the action that’s being rate limited.
Diagnosis #
Check the certificates in the cluster with renewing status:
kubectl get certificatesrequests -A
Check the Events of the specific certificate request:
kubectl describe certificatesrequests <certificatesrequests object>
Mitigation #
Wait until the rate-limiting is over or request an increase of the rate-limit.