Error: "certificateRef field value missing" occurs during creation of loadbalancer Ingress controller
search cancel

Error: "certificateRef field value missing" occurs during creation of loadbalancer Ingress controller

book

Article ID: 398361

calendar_today

Updated On:

Products

VMware Cloud Director

Issue/Introduction

When installing an ingress controller with a certificate the following error is observed:

Error syncing load balancer: failed to ensure load balancer: unable to create loadbalancer for ports [[]vcdsdk.PortDetails{vcdsdk.PortDetails{Protocol:"HTTP", PortSuffix:"http", ExternalPort:<portnumber>, InternalPort:<portnumber>, UseSSL:false, CertAlias:""}, vcdsdk.PortDetails{Protocol:"HTTPS", PortSuffix:"https", ExternalPort:<portnumber>, InternalPort:<portnumber>, UseSSL:false, CertAlias:""}}]: [unable to create virtual service; expected http response [202], obtained [400]: resp: [&http.Response{Status:"400 Bad Request", StatusCode:400, Proto:"HTTP/1.1", ProtoMajor:1, ProtoMinor:1, Header:http.Header{"Cache-Control":[]string{"no-store, must-revalidate"}, "Content-Type":[]string{"application/json"}, "Date":[]string{"Thu, 01 May 2025 09:25:49 GMT"}, "Strict-Transport-Security":[]string{"max-age=63072000; includeSubDomains; preload"}, "X-Frame-Options":[]string{"SAMEORIGIN"}, "X-Vmware-Vcloud-Ceip-Id":[]string{"<uuid>"}, "X-Vmware-Vcloud-Request-Execution-Time":[]string{"69"}, "X-Vmware-Vcloud-Request-Id":[]string{"<request-id>"}}, Body:(*http.bodyEOFSignal)(0xc000682600), ContentLength:-1, TransferEncoding:[]string{"chunked"}, Close:false, Uncompressed:false, Trailer:http.Header(nil), Request:(*http.Request)(0xc0006fae00), TLS:(*tls.ConnectionState)(0xc000642790)}]: [400 Bad Request]: [{"minorErrorCode":"BAD_REQUEST","message":"[ <request-id> ] certificateRef field value missing","stackTrace":null}]]

Environment

VMware Cloud Director 10.6.x

VMware Container Service Extension 4.x

Cause

This issue will occur if the required SSL certificate cannot be validated successfully during the installation.

Resolution

To resolve this issue review the configuration documentation and ensure that a valid SSL certificate is installed correctly. See Creation of a loadbalancer using a third party ingress for details.

If SSL termination is occurring at the NSX ALB then the certificate should be uploaded there also.

Note: If desired then it is possible to publish the ingress controller as an L4 loadbalancer rather than an L7 for HTTPS. See Disable SSL termination at NSX-T Avi load balancer for details.

Powered by Wolken Software