In Chapter 6, p. 166, f., "Installing cert-manager" says to execute the command:
kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.2.0/cert-manager.yaml
That command appears to execute successfully. However, the next command (p. 168, "Installing the certificate issuer")
kubectl create -f certificate-issuer.yaml
fails with the following error
Error from server (InternalError): error when creating "certificate-issuer.yaml": Internal error occurred: failed calling webhook "webhook.cert-manager.io": failed to call webhook: Post "https://cert-manager-webhook.cert-manager.svc:443/mutate?timeout=10s": x509: certificate signed by unknown authority
This may be due to cert-manager v1.2.0 not being compatible with the current version of Kubernetes running on the nodes. According to https://cert-manager.io/docs/installation/supported-releases/ , cert-manager v1.2.0 is compatible with Kubernetes 1.16 through 1.20
Checking the version of Kubernetes running on the nodes, it is v1.22.11.
$ kubectl get nodes
NAME STATUS ROLES AGE VERSION
aks-agentpool-14350620-vmss000000 Ready agent 2d20h v1.22.11
aks-agentpool-14350620-vmss000001 Ready agent 45h v1.22.11
What appears to have worked for me is to delete the old version of cert-manager using
kubectl delete -f https://github.com/jetstack/cert-manager/releases/download/v1.2.0/cert-manager.yaml
and then apply the latest version
kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.18.2/cert-manager.yaml
After that the command to create the certificate issuer ran successfully.