
certificate cannot be renewed, error message: "key does not match certificate"

Open mbu147 opened this issue 1 year ago • 2 comments

Hello,

we run an OpenShift cluster in Azure (ARO) with openshift-routes and cert-manager, both deployed as Helm charts via ArgoCD.

cert-manager: v1.14.4
openshift-routes: v0.5.0

When one of our certificates needs to be renewed, it fails with the message "Key does not match certificate". To work around this problem, we can recreate the entire route from scratch without the old certificate.

cert-manager-openshift-routes/route/sync "msg"="failed to populate route certificate" "error"="key does not match certificate (route: <namespace>/<route name>)" "resourceVersion"="1069859259" "route"={"Namespace":"<namespace>","Name":"<route name>"}

Does anyone already know this error and know how we can fix it?

Thanks!

mbu147, Mar 19 '24 08:03

We had the same problem, and ended up removing the orders and certificaterequests resources for these routes. Looking at the code, maybe just removing the cert-manager.io/next-private-key annotation from the route would have worked as well?

of-vincentvandam, Mar 28 '24 12:03

Experienced the same problem.

ctml91, Mar 28 '24 13:03
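
The error in this thread is a private key that does not belong to the certificate it is paired with. The following is an added example, not code from openshift-routes, cert-manager, or any commenter: one way to test a PEM key against a PEM certificate with Go's standard library. The function names, the hostname, and the self-signed certificate are constructed for the demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// newKey returns a fresh P-256 key and its PKCS#8 PEM encoding (constructed test data).
func newKey() (*ecdsa.PrivateKey, []byte) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	der, _ := x509.MarshalPKCS8PrivateKey(key) // does not fail for a valid ECDSA key
	return key, pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: der})
}

// selfSigned issues a constructed self-signed certificate whose public key is key's.
func selfSigned(key *ecdsa.PrivateKey) []byte {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "route.example.test"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

// keyMatchesCert returns nil when keyPEM is the private key for the leaf in certPEM.
func keyMatchesCert(certPEM, keyPEM []byte) error {
	_, err := tls.X509KeyPair(certPEM, keyPEM) // compares the two public keys
	return err
}

func main() {
	oldKey, oldKeyPEM := newKey()
	_, nextKeyPEM := newKey() // stands in for a key generated for a later issuance
	certPEM := selfSigned(oldKey)
	fmt.Println("cert with its own key:    ", keyMatchesCert(certPEM, oldKeyPEM))
	fmt.Println("cert with a different key:", keyMatchesCert(certPEM, nextKeyPEM))
}
```

Running the same check against the key and certificate PEM blocks actually stored for a failing route shows whether the two are really out of step before any resources are deleted.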