Cert Manager fails to call webhook

Symptoms

The following three cases show when the Cert Manager might fail to call webhook.

Case 1

Case 2

Case 3

Cause

After upgrade or reinstallation, cert-manager does not refresh the mutating or validating of webhook configurations.

Resolving the problem

You must remove the webhook configuration manually.

✗ oc get mutatingwebhookconfigurations | grep cert-manager
cert-manager-webhook                                                1          13d

✗ oc get validatingwebhookconfigurations | grep cert-manager
cert-manager-webhook                                             1          13d

Deleting the webhook configurations and restarting the cert-manager-webhook pod resolves this issue. If the cert-manager-webhook pod does not exist, restart the ibm-cert-manager-operator pod.