jetstack / cert-manager-nginx-plus-lab

Lab demonstrating cert-manager, nginx-plus and Venafi
Apache License 2.0

Warning RetrieveError 35s cert-manager Failed to obtain venafi certificate: common name is not allowed in this policy: [^([\p{L}\p{N}-*]+\.)*venafidemo\.com$ ^([\p{L}\p{N}-*]+\.)*example\.com$] #37

Open wallrj opened 4 years ago

wallrj commented 4 years ago
kubectl describe certificaterequest
Name:         demo-certificate-701839224
Namespace:    default
Labels:       <none>
Annotations:  cert-manager.io/certificate-name: demo-certificate
              cert-manager.io/private-key-secret-name: demo-tls
              kubectl.kubernetes.io/last-applied-configuration:
                {"apiVersion":"cert-manager.io/v1alpha2","kind":"Certificate","metadata":{"annotations":{},"name":"demo-certificate","namespace":"default"...
API Version:  cert-manager.io/v1alpha3
Kind:         CertificateRequest
Metadata:
  Creation Timestamp:  2020-03-27T14:27:00Z
  Generation:          1
  Owner References:
    API Version:           cert-manager.io/v1alpha2
    Block Owner Deletion:  true
    Controller:            true
    Kind:                  Certificate
    Name:                  demo-certificate
    UID:                   7af18ee0-8955-4e3c-a349-b812e1655815
  Resource Version:        2396
  Self Link:               /apis/cert-manager.io/v1alpha3/namespaces/default/certificaterequests/demo-certificate-701839224
  UID:                     c5ed1f7b-75f8-45b7-ab55-0d312a98102d
Spec:
  Csr:  LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJQ2lqQ0NBWElDQVFBd0Z6RVZNQk1HQTFVRUNoTU1ZMlZ5ZEMxdFlXNWhaMlZ5TUlJQklqQU5CZ2txaGtpRwo5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBNE45K2hESTdFREdOdWFrL3Z4d3BhS1lSSmdpM0dNa21OblNVClo5RGNlaUhlbGRFUXJWVHFXaW1SUXlYVXhrVTk3aHhiRDQ3SkdKQUJQNUxWMjZrSFR1YTBrZWlISWpWckJEK0sKb1l0ais4NUxWZkdFRjB2UFlDNTMxRXp3R3Rxc1lsY0NSdXZ5eURWSW1XSGpwS1lPUnVra2ZQWllWVHoxL2dSSgp6dFJxNTZwZGlBWkFxeVdjR21zamFJMHlzRFFJRVNKUktGTkhMTmxqM21wQzJNMnQ3QTAySCtsRU5CZkZrZTRPCnYvZS93SllONC8wWERQMW1rNmx1amY0MmRLRmxLVXRET01SNzdsYzVxWXUxTG45SWlwSTBXcE1iWW5XaHc0aloKVExiQjFhSk1zenI5NVpZRjhkZGpqMW1ZOGRpZk84alA5UkQwdWlpU1hlZGFPeGdacVFJREFRQUJvQzR3TEFZSgpLb1pJaHZjTkFRa09NUjh3SFRBYkJnTlZIUkVFRkRBU2doQmtaVzF2TG1WNFlXMXdiR1V1WTI5dE1BMEdDU3FHClNJYjNEUUVCQ3dVQUE0SUJBUURDRVJhc0d6RFdxek0xcStmeG5wN0dNbjBiYm40Q0tqTG5ERmhWYkYzODBWelYKQUkzZU9qUGdpYTFqbHB0ekJMOWlTZDZEV0FJNWw5WjBUZEZiUkhMY2pPanlVcWRMR3kzdjI1djBwbWNzbnRPTApLb2RzT1UxQTB2TmRvcjlhT0hTUjU0YlFyZ0M1ZW9lWFVTRUg3a3JVK1BzcEc3b3BhaHQ3YmhQWDgrVlVKbk1YCkRuZzFPY3VsTko3cE1wOHBONlhRVVY2Zks1VWJKaTVNa0NnZHlQTjJTLzJEQzlNbXhXR1N1aFFKRjlxWXplU2EKRmpHV0hjSkNzZmZvMlJxNFJaWFo4WE1DZi9aR2t2RDlmb2tINW12Wlg0SGFzVXd1anBjOFNFM29ZMG1JZEFBTgpBZWdmTDl5dHczNWZ4aEx4YjdRazliSnpzeEFzdmVMSkl2YzRoZjFqCi0tLS0tRU5EIENFUlRJRklDQVRFIFJFUVVFU1QtLS0tLQo=
  Issuer Ref:
    Kind:  Issuer
    Name:  venafi-tpp-issuer
Status:
  Conditions:
    Last Transition Time:  2020-03-27T14:27:00Z
    Message:               Failed to obtain venafi certificate: common name  is not allowed in this policy: [^([\p{L}\p{N}-*]+\.)*venafidemo\.com$ ^([\p{L}\p{N}-*]+\.)*example\.com$]
    Reason:                Failed
    Status:                False
    Type:                  Ready
  Failure Time:            2020-03-27T14:27:00Z
Events:
  Type     Reason         Age   From          Message
  ----     ------         ----  ----          -------
  Warning  RetrieveError  35s   cert-manager  Failed to obtain venafi certificate: common name  is not allowed in this policy: [^([\p{L}\p{N}-*]+\.)*venafidemo\.com$ ^([\p{L}\p{N}-*]+\.)*example\.com$]
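
Added example (not part of the original issue, and not cert-manager or Venafi code): a Go sketch that checks a CSR's subject common name against the two policy patterns quoted in the error above, to show how an empty common name produces that message. The CSR is constructed in-process with a throwaway key; `buildCSR`, `checkCSR` and the error format string are hypothetical, and the example assumes the message interpolates the rejected name between "common name" and "is not allowed".

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"regexp"
	"strings"
)

// Allowed common-name patterns, copied from the error message in the issue.
var policy = []string{
	`^([\p{L}\p{N}-*]+\.)*venafidemo\.com$`,
	`^([\p{L}\p{N}-*]+\.)*example\.com$`,
}
var policyRE = regexp.MustCompile(strings.Join(policy, "|")) // any one pattern may match

// buildCSR makes a constructed CSR (throwaway key) and parses it back.
func buildCSR(cn string, sans []string) (*x509.CertificateRequest, error) {
	_, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: cn}, DNSNames: sans}
	der, err := x509.CreateCertificateRequest(rand.Reader, tmpl, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificateRequest(der)
}

// checkCSR is a hypothetical policy check that looks only at the subject CN.
func checkCSR(csr *x509.CertificateRequest) error {
	if cn := csr.Subject.CommonName; !policyRE.MatchString(cn) {
		return fmt.Errorf("common name %s is not allowed in this policy: %v", cn, policy)
	}
	return nil
}

func main() {
	for _, cn := range []string{"", "demo.example.com"} {
		if csr, err := buildCSR(cn, []string{"demo.example.com"}); err == nil {
			fmt.Printf("CN=%q SANs=%v -> %v\n", cn, csr.DNSNames, checkCSR(csr))
		}
	}
}
```

A CSR that carries the hostname only as a DNS SAN fails this check even though the SAN itself would match the policy; the same request with the hostname as common name passes.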

meyskens commented 4 years ago

@wallrj can you PR the jetstack-restricted zone for the mistakes?