When syncing a secret to Cloudflare, the process retries multiple times within seconds, leading to the creation of duplicate TLS certificates.
This exhausts Cloudflare’s custom certificate IP quota for the zone (error code 1221), blocking further updates.
{
"action": "Sync",
"id": "[REDACTED]",
"level": "info",
"msg": "certificate synced",
"secretName": "[REDACTED]",
"secretNamespace": "cert-manager",
"store": "cloudflare",
"time": "2026-05-26T13:33:23Z"
},
{
"action": "HandleSecret",
"level": "info",
"msg": "Secret synced to 1 store",
"name": "[REDACTED]",
"namespace": "ingress-nginx",
"time": "2026-05-26T13:33:23Z"
},
{
"action": "Sync",
"id": "[REDACTED]",
"level": "info",
"msg": "certificate synced",
"secretName": "[REDACTED]",
"secretNamespace": "cert-manager",
"store": "cloudflare",
"time": "2026-05-26T13:33:24Z"
},
{
"action": "HandleSecret",
"level": "info",
"msg": "Secret synced to 1 store",
"name": "[REDACTED]",
"namespace": "ingress-nginx",
"time": "2026-05-26T13:33:24Z"
},
{
"action": "Sync",
"id": "[REDACTED]",
"level": "info",
"msg": "certificate synced",
"secretName": "[REDACTED]",
"secretNamespace": "cert-manager",
"store": "cloudflare",
"time": "2026-05-26T13:33:25Z"
},
{
"action": "HandleSecret",
"level": "error",
"msg": "failed to sync secret to 1 store",
"error": "Custom certificate IP quota exceeded for this zone (Cloudflare API error code: 1221)",
"name": "[REDACTED]",
"namespace": "ingress-nginx",
"store": "cloudflare",
"error_count": 1,
"time": "2026-05-26T13:33:25Z"
},
{
"fn": "main",
"level": "error",
"msg": "errors syncing secret ingress-nginx/[REDACTED]: [store cloudflare sync failed: Custom certificate IP quota exceeded for this zone (Cloudflare API error code: 1221)]",
"time": "2026-05-26T13:33:25Z"
}
]
When syncing a secret to Cloudflare, the process retries multiple times within seconds, leading to the creation of duplicate TLS certificates.
This exhausts Cloudflare’s custom certificate IP quota for the zone (error code 1221), blocking further updates.