Skip to content

TLS Certificate Challenge Failing #4272

Open
Open
TLS Certificate Challenge Failing#4272
@chinmaya-venkat-ey

Description

@chinmaya-venkat-ey
chinmaya-venkat-ey
opened on Dec 18, 2025

Hi @vinothrallapalli-eGov

We are facing challenges trying to access the server using the domain. Here are the relevant logs to help diagnose the issue:

certificates:

vm:/home/ubuntu/DIGIT-DevOps-DIGIT-2.9LTS# kubectl get certificate -n egov
NAME                                        READY   SECRET                                      AGE
(name).in-tls-certs                         False   (name).in-tls-certs                         23h
urbanimcdev.eydemoapp.in-tls-certs          True    urbanimcdev.eydemoapp.in-tls-certs          23h

challenge status:

vm:/home/ubuntu/DIGIT-DevOps-DIGIT-2.9LTS# kubectl get challenge -n egov -w
NAME                                                              STATE     DOMAIN                            AGE
(name).in-tls-certs-(uid)                                         pending   (name).eydemoapp.in               23h

cert description:

kubectl describe certificate (name).in-tls-certs -n egov
Name:        (name).in-tls-certs
Namespace:    egov
Labels:       app=egov-finance
              app.kubernetes.io/managed-by=Helm
Annotations:  <none>
API Version:  cert-manager.io/v1
Kind:         Certificate
Metadata:
  Creation Timestamp:  2025-12-17T07:13:18Z
  Generation:          1
  Owner References:
    API Version:           networking.k8s.io/v1
    Block Owner Deletion:  true
    Controller:            true
    Kind:                  Ingress
    Name:                  --------------
    UID:                   -----------------------------------
  Resource Version:        ------------------------------
  UID:                     -------------------------------------------
Spec:
  Dns Names:
    (name).eydemoapp.in
  Issuer Ref:
    Group:      cert-manager.io
    Kind:       ClusterIssuer
    Name:       letsencrypt-prod
  Secret Name:  (name).in-tls-certs
  Usages:
    digital signature
    key encipherment
Status:
  Conditions:
    Last Transition Time:        2025-12-17T07:13:18Z
    Message:                     Certificate expired on Fri, 14 Nov 2025 12:05:43 UTC
    Observed Generation:         1
    Reason:                      Expired
    Status:                      False
    Type:                        Ready
    Last Transition Time:        2025-12-17T07:13:18Z
    Message:                     Renewing certificate as renewal was scheduled at 2025-10-15 12:05:43 +0000 UTC
    Observed Generation:         1
    Reason:                      Renewing
    Status:                      True
    Type:                        Issuing
  Next Private Key Secret Name:  indore-urbanimcdev.eydemoapp.in-tls-certs-nxd92
  Not After:                     2025-11-14T12:05:43Z
  Not Before:                    2025-08-16T12:05:44Z
  Renewal Time:                  2025-10-15T12:05:43Z
Events:                          <none>

Please let me know if any further information would be required to help troubleshoot.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions