Issues with Certificates on Gardener

Symptom

Certificates installation takes too long.
Certificate is still not ready, status is {STATUS}. Exiting... error occurs.
Certificates are no longer valid.

Cause

During installation on Gardener, Kyma requests domain SSL certificates using the Gardener's Certificate custom resource (CR) to ensure secure communication through both Kyma UI and Kubernetes CLI. The mentioned issues might occur during this proces.

Solution

If any of these issues appears, follow these steps:

Check the status of the Certificate CR:

bash

kubectl get certificates.cert.gardener.cloud --all-namespaces

If the status of any Certificate is Error, run:

bash

kubectl get certificates -n {CERTIFICATE_NAMESPACE} {CERTIFICATE_NAME} -o jsonpath='{ .status.message }'

The result describes the reason for the failure of issuing a domain SSL certificate. Depending on the moment when the error occurred, you can perform different actions.

Istio Service Mesh

Tutorials

Technical Reference

Troubleshooting

Tutorials

Mutual TLS Authentication

Security

Custom Resources

APIGateway Custom Resource

APIRule Custom Resource

APIRule Migration

Technical Reference

Troubleshooting Guides

Working with Multiple Subaccounts

Resources

Tutorials

Troubleshooting

Technical Reference

Runtime Agent

Tutorials

Resources

Tutorials

Register a Service

VPC Peering

Resources

Tutorials

Tutorials

Resources

Troubleshooting for the Eventing Module

Resources

Troubleshooting

Tutorials

Resources

Technical Reference

Troubleshooting Guides

Collecting Logs

Collecting Traces

Collecting Metrics

Filtering and Processing Data

Transform and Filter with OTTL

Integrate with your OTLP Backend

Architecture

Integration Guides

Resources

Tutorials

Resources

Technical Reference

Tutorials

Commands

Issues with Certificates on Gardener ​

Symptom ​

Cause ​

Solution ​

Issues with Certificates on Gardener

Symptom

Cause

Solution