Debugging Issues With cert-manager

If you’re using cert-manager to get a Let’s Encrypt certificate for your Kubernetes cluster and running into issues, you can do the following to see what might be going on:

Check Status of Challenge

First, check the status of the certificate:

kubectl describe certificate tls-secret --namespace ingress-nginx

You’ll see something that says something like Created new CertificateRequest resource “tls-secret-1764787185”. Run the following to get more information:

kubectl describe CertificateRequest tls-secret-1764787185 --namespace ingress-nginx

This command will provide the ID of an order, so use a similiar command:

kubectl describe Order tls-secret-1764787185-845386587 --namespace ingress-nginx

Finally, you will get a Challenge to view:

kubectl describe Challenge tls-secret-1764787185-845386587-4119551803 --namespace ingress-nginx

View Logs

If the above isn’t helping, you can view the logs:

kubectl logs -n cert-manager deploy/cert-manager -f

Leave a Reply

Your email address will not be published. Required fields are marked *