Some time ago, when I took a task to upgrade a version of Nexus in our Kubernetes cluster, I created a Nexus-test with same version to start with (to make sure if something goes wrong, it won’t have any impacts on Nexus we are using for our pipelines). So, I need to use another TLS secret to point to a different host. However, the new certificate didn’t come as usual. After checking cert-manager, I got the following log:
"msg"="re-queuing item due to error processing" "error"="Internal error occurred: failed calling webhook \"webhook.cert-manager.io\": Post \"https://cert-manager-webhook.kube-system.svc:443/mutate?timeout=30s\": x509: certificate has expired or is not yet valid
Basically, cert-manager was trying to create a new TLS certificate, but it couldn’t due to the fact that the certificate to connect to service of cert-manager was expired. We are using Helm chart as the following:
One simple solution I tried was renamed cert-manager service to a new one. So for example instead of using cert-manager-webhook, we could use cert-manager-1, etc.
Leave a Reply