After almost 1 year without a problem, I realized that cert-manager can't produce certificates anymore.

I started seeing this error:

Error from server: conversion webhook for cert-manager.io/v1alpha2, Kind=Certificate failed: Post "https://cert-manager-webhook.cert-manager.svc:443/convert?timeout=30s": x509: certificate has expired or is not yet valid: current time 2021-12-05T01:02:15Z is after 2021-12-03T14:15:56Z

I do NOT have a problem with the existing certificates/domains. But, it can't create certs for new domains.

Also,

kubectl get cert

has the same error output.

What is the recommended solution?

CodePudding user response：

I would suggest updating the version of Cert-manager you are running.

helm install \
  cert-manager jetstack/cert-manager \
  --namespace mynamespace \
  --version v0.15.1 \
  --set installCRDs=true

do not forget to install the CRD.

Cert-manager supports the latest two releases only which are currently 1.5 and 1.6 while 1.7 is an upcoming release.

Refer to the Release document here and you can also refer to the reported issue for more information.

CodePudding user response：

Manually deleting secrets cert-manager-webhook-ca and cert-manager-webhook-tls may work in this case. Cert-manager controller will automatically create the deleted secrets afterwards.