This's a follow-up to customer case: https://access.redhat.com/support/cases/#/case/04082076

In this case customer cluster was missing one of ClusterIssuer CR that we have documented in step: https://docs.redhat.com/en/documentation/red_hat_openshift_serverless/1.35/html/serving/serving-transport-encryption#serving-transport-encryption-creating-a-clusterissuer-to-be-used-by-serving_serving-transport-encryption

Per feedback it was probably missed as the setup with cert-manager requires 2 distinct ClusterIssuers to be created. One angle of this spike is a flow of documented steps and possibility to improve reasoning what and why is required.

Another angle could be Argo or Helm chart setup that would encapsulate all resources to be created for internal encryption.

Finally, we could look into improving logging messages to provide feedback of misconfiguration in controller or activator logs.