Kubernetes: x509 certificate signed by unknown authority, possibly because of ECDSA verification failure

10/18/2021

I am new to Kubernetes and stuck on an issue. I was trying to renew a Let's Encrypt SSL certificate, but when I try to get the certificate by running the following command

kubectl get certificate

the system throws this exception

Error from server: conversion webhook for cert-manager.io/v1alpha2, Kind=Certificate failed: Post https://cert-manager-webhook.default.svc:443/convert?timeout=30s: x509: certificate signed by unknown authority (possibly because of "x509: ECDSA verification failure" while trying to verify candidate authority certificate "cert-manager-webhook-ca")

I have checked the pods also

The "cert-manager-webhook" is in the running state. When I check the logs of this pod, I get the following response

I have also tried to apply the cluster-issuer after deleting it but faced the same issue

kubectl apply -f cluster-issuer.yaml

I have also done R&D about this but could not find any suitable solution. What's the issue here? Can someone please help me regarding this? Thanks.

-- Hunzla Sheikh

1 Answer

10/19/2021

The problem was with the "cert-manager-cainjector" pod status, which was "CrashLoopBackOff" due to FailedMount, as the secret was not found for mounting. I have created that secret and after that it started working fine.

-- Hunzla Sheikh
Source: StackOverflow
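
The diagnosis in the answer above, as an added example that is not part of the original post: the webhook can be Running while cainjector, which injects the CA bundle the API server uses to verify it, is crash-looping on a missing Secret. The pod names and the secret name in the sample data are constructed placeholders; the `default` namespace is taken from the webhook URL in the error message.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Sample data below is constructed.

# Input: `kubectl get pods -n default --no-headers` (NAME READY STATUS RESTARTS AGE).
# Prints "pod status" for pods that are not Running/Completed,
# or that are Running but not fully ready.
unhealthy_pods() {
  awk 'NF >= 3 {
    split($2, r, "/")
    if (($3 != "Running" && $3 != "Completed") || ($3 == "Running" && r[1] != r[2])) {
      print $1, $3
    }
  }'
}

# Input: "<pod> <event message>" lines, e.g. from
#   kubectl get events -n default --field-selector reason=FailedMount \
#     -o custom-columns=POD:.involvedObject.name,MSG:.message --no-headers
# The kubelet words a missing Secret as: ... : secret "<name>" not found
# Prints unique "pod secret" pairs (the event repeats on every mount retry).
missing_secrets() {
  awk 'match($0, /secret "[^"]+" not found/) {
    # drop the 8-char prefix and the 11-char suffix around the secret name
    print $1, substr($0, RSTART + 8, RLENGTH - 19)
  }' | sort -u
}

# Constructed sample: webhook Running, cainjector crash-looping (as in the post).
SAMPLE_PODS='cert-manager-EXAMPLE              1/1   Running            0    3h
cert-manager-cainjector-EXAMPLE   0/1   CrashLoopBackOff   12   3h
cert-manager-webhook-EXAMPLE      1/1   Running            0    3h'

# Constructed sample events; "example-secret" is a placeholder name.
SAMPLE_EVENTS='cert-manager-cainjector-EXAMPLE   MountVolume.SetUp failed for volume "example-vol" : secret "example-secret" not found
cert-manager-cainjector-EXAMPLE   MountVolume.SetUp failed for volume "example-vol" : secret "example-secret" not found
other-pod-EXAMPLE                 Unable to attach or mount volumes: timed out waiting for the condition'

printf '%s\n' "$SAMPLE_PODS" | unhealthy_pods
printf '%s\n' "$SAMPLE_EVENTS" | missing_secrets
```

Against a live cluster, pipe the two `kubectl` commands named in the comments into the functions instead of the sample variables.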