Why does the Ingress status show an ERRDSISS
error?
Virtual Private Cloud Classic infrastructure Satellite
You can use the ibmcloud oc ingress status-report ignored-errors add
command to add an error to the ignored-errors list. Ignored errors still appear in the output of the ibmcloud oc ingress status-report get
command,
but are ignored when calculating the overall Ingress Status.
When you check the status of your cluster's Ingress components by running the ibmcloud oc ingress status-report get
command, you see an error similar to the following example.
The subdomain has TLS secret issues (ERRDSISS).
Red Hat OpenShift on IBM Cloud generates a TLS certificate for managed domains and creates a TLS secret on the cluster containing the certificate. Normally, the certificate status should be created
or deleted
, but the
status indicates problems with the certificate or secret generation.
Check the SSL Cert Status
of your managed domains and, if needed, regenerate them.
-
Get the list of the managed domains using the
ibmcloud oc nlb-dns ls
command. -
Check the
SSL Cert Status
column.creating
orregenerating
status.- Wait a few hours and check the status again. If the status does not change, ensure that the namespace appearing in the
Secret Namespace
exists. rate_limited
status.- Let's Encrypt refused to generate a new certificate for this domain. This usually happens when the cluster is deleted and recreated with the same name, or the
ibmcloud oc nlb-dns secret regenerate
command was invoked multiple times. The rate limit will expire after 7 days (there is no way to manually remove it). Certificate generation will be automatically attempted again after 7 days.
-
Wait 10-15 minutes, then check if the warning is resolved.
-
If the issue persists, contact support. Open a support case. In the case details, be sure to include any relevant log files, error messages, or command outputs.