Why does the Ingress status show an ESSEC error?

Virtual Private Cloud Classic infrastructure Satellite

When you check the status of your cluster's Ingress components by running the ibmcloud oc ingress status-report get command, you see an error similar to the following example.

The certificate for TLS secret expired or will expire soon (ESSEC).

You have secrets in your cluster that have either expired or are about to expire in the next 5 days.

Review and update your secrets and domains.

Run the ibmcloud oc ingress secret ls command and review the output.

For secrets that are about to expire and are user managed

Ensure the value of the corresponding secret in IBM Cloud Secrets Manager has been updated and run the ibmcloud oc ingress secret update command for that secret.

For secrets that are managed by IBM

Ensure the corresponding domain is still active.

To determine whether a secret is IBM managed or user managed, run the ibmcloud oc ingress secret get command and look for the User Managed section.

View the domains for your cluster.

ibmcloud oc nlb-dns ls

Example output

OK
Subdomain                                                                           Target(s)                              SSL Cert Status   SSL Cert Secret Name                            Secret Namespace    Status
example-124567891235678912345789asfghijk-0000.us-south.containers.appdomain.cloud   example0-us-south.lb.appdomain.cloud   created           example-124567891235678912345789asfghijk-0000   openshift-ingress   OK

Inactive domains are any in the list that do not have an associated IP address or hostname. For those domains, remove the associated secrets from your cluster by running the following command.
```
ibmcloud oc nlb-dns secret rm
```
If the issue persists, contact support. Open a support case. In the case details, be sure to include any relevant log files, error messages, or command outputs.