"The certificate file can contain one or more certificates in a chain. The wildcard certificate must be the first certificate in the file. It can then be followed with any intermediate certificates, and the file should end with the root CA certificate."

     2. Customer followed the instructions
 and applied the new certificate, and the new cert was applied to the router successfully.  However, Customer ran into this issue and fix related to the Authentication operator: https://access.redhat.com/solutions/6984698

     3. It was necessary to add an additional 'carriage return' at the end of the certificate file that was applied to the ingress secret.  Once it was added added the carriage return and applied the new secret, everything started working.     

this requirement of a final 'carriage return' should be documented in the normal documentation and not only in a KB article, or this issue should be patched as a bug.  

[1] https://docs.openshift.com/container-platform/4.12/security/certificates/replacing-default-ingress-certificate.html
 

    1.
    2.
    3.