cert0manager v0.4.0 is trying to renewing cert in the wrong domain

[Anirudh Srinivasan]

Our  clusterissuer is pointing to the domain  "*.cp.product.qa.uswest2.cloudtrust.rocks.". But during the renewal looking at the cert-manager pod's logs it is trying to send the ACME DNDS challenge to another domain "*.cp.iicsqa.uswest2.cloudtrust.rocks."

Here is the certificate yaml file :

kind: Certificate

metadata:

  creationTimestamp: 2019-02-27T09:41:41Z

  generation: 1

  name: prometheus-ssl-cert

  namespace: lamm

  ownerReferences:

  - apiVersion: extensions/v1beta1

    blockOwnerDeletion: true

    controller: true

    kind: Ingress

    name: monitoringaddon-prometheus-prometheus

    uid: e305ff4d-3a73-11e9-b3bb-0258b2ac4fb6

  resourceVersion: "88181370"

  selfLink: /apis/certmanager.k8s.io/v1alpha1/namespaces/lamm/certificates/prometheus-ssl-cert

  uid: e3088cd5-3a73-11e9-b3bb-0258b2ac4fb6

spec:

  acme:

    config:

    - dns01:

        provider: route53

      domains:

      - prometheus.cp.product.qa.uswest2.cloudtrust.rocks

  commonName: ""

  dnsNames:

  - prometheus.cp.product.qa.uswest2.cloudtrust.rocks

  issuerRef:

    kind: ClusterIssuer

    name: certissueraddon-ct-acme-issuer

  secretName: prometheus-ssl-cert

status:

  acme:

    order:

      challenges:

      - authzURL: https://acme-v02.api.letsencrypt.org/acme/authz/VSQpl7z4TN6u95Xq_Lrp7LFOHcrG3FjRCpyw1g9Hxck

        dns01:

          provider: route53

        domain: prometheus.cp.iicsqa.uswest2.cloudtrust.rocks

        key: _hdajkhcfdsjkcdsjcGKHKDKjkdshdkjahkajshcksjdcnsdkj

        token: WHJKJFCJKdjkhcskjdhcvkjdhckjsvjrhsjcksjcnkJKJJK

        type: dns-01

        url: https://acme-v02.api.letsencrypt.org/acme/challenge/VSQpl7z4TN6u95Xq_Lrp7LFOHcrG3FjRCpyw1g9Hxck/16933354169

        wildcard: false

      url: https://acme-v02.api.letsencrypt.org/acme/order/50566908/542772117

  conditions:

  - lastTransitionTime: 2019-06-11T10:05:22Z

    message: "Failed to clean up previous order: Failed to change Route 53 record

      set: InvalidChangeBatch: [Tried to delete resource record set [name='_acme-challenge.prometheus.cp.iicsqa.uswest2.cloudtrust.rocks.',

      type='TXT'] but it was not found]\n\tstatus code: 400, request id: 30b7b3a2-29c2-46f1-bef3-ae15882a7393"

    reason: ValidateError

    status: "False"

    type: Ready

  - lastTransitionTime: null

    message: Order validated

    reason: OrderValidated

    status: "False"

    type: ValidateFailed