Getting Kubernetes Ingress Controller Fake Certificate

After following all the steps to install rancher and rke, using either rancher generated certificates or let’s encrypt, getting kubernetes ingress controller fake certificate.

Rancher is up and running

According to the guide this is the output for kubectl -n cattle-system describe certificate:

kubectl -n cattle-system describe certificate
Name:         tls-rancher-ingress
Namespace:    cattle-system
Labels:       app=rancher
              app.kubernetes.io/managed-by=Helm
              chart=rancher-2.4.5
              heritage=Helm
              release=rancher
Annotations:  <none>
API Version:  cert-manager.io/v1alpha3
Kind:         Certificate
Metadata:
  Creation Timestamp:  2020-06-30T14:05:03Z
  Generation:          1
  Owner References:
    API Version:           extensions/v1beta1
    Block Owner Deletion:  true
    Controller:            true
    Kind:                  Ingress
    Name:                  rancher
    UID:                   843b21e1-e901-41c2-95d7-4f970ee9844c
  Resource Version:        1161
  Self Link:               /apis/cert-manager.io/v1alpha3/namespaces/cattle-system/certificates/tls-rancher-ingress
  UID:                     226f8d82-42f5-4d49-8ff6-3e9d01b87644
Spec:
  Dns Names:
    rancher.kubernetes
  Issuer Ref:
    Group:      cert-manager.io
    Kind:       Issuer
    Name:       rancher
  Secret Name:  tls-rancher-ingress
Status:
  Conditions:
    Last Transition Time:  2020-06-30T14:05:03Z
    Message:               Waiting for CertificateRequest "tls-rancher-ingress-1785717959" to complete
    Reason:                InProgress
    Status:                False
    Type:                  Ready
Events:                    <none>

This error is shown in the ingress controller logs:

W0630 14:04:44.433988       7 controller.go:1119] Error getting SSL certificate "cattle-system/tls-rancher-ingress": local SSL certificate cattle-system/tls-rancher-ingress was not found. Using default certificate

Any hint ?

1 Like

Hi @ntomas, I am having the same issue. Did you find any solution for this?

It looks like cert-manager hasn’t created the certificate.
Please review the troubleshooting guide https://cert-manager.io/docs/faq/acme/