
ACM Certificate RenewalEligibility showing as Ineligible, secret not updating #2796

@nategreen-rf

I've created a Certificate resource using the following:

```yaml
apiVersion: acm.services.k8s.aws/v1alpha1
kind: Certificate
metadata:
  name: mydomain-cert
  namespace: ack-system
spec:
  # The primary domain
  domainName: "mydomain"
  subjectAlternativeNames:
    - "*.mydomain"
  keyAlgorithm: RSA_2048
  options:
    certificateTransparencyLoggingPreference: ENABLED
  exportTo:
    name: my-secret
    namespace: ack-system
    key: tls.crt
```

However, the status always shows:

```
Status:
  Ack Resource Metadata:
    Arn: xxxx
    Owner Account Id: xxxxx
    Region: xxxxx
  Conditions:
    Status: True
    Type: ACK.ResourceSynced
    Last Transition Time: 2026-02-25T20:01:46Z
    Message: Late initialization successful
    Reason: Late initialization successful
    Status: True
    Type: ACK.LateInitialized
    Last Transition Time: 2026-02-25T20:01:46Z
    Status: True
    Type: Ready
  Created At: 2026-02-25T18:52:50Z
  Domain Validations:
    Domain Name: mydomain
    Validation Domain: mydomain
    Validation Method: DNS
    Validation Status: PENDING_VALIDATION
    Domain Name: *.mydomain
    Validation Domain: *.mydomain
    Validation Method: DNS
    Validation Status: PENDING_VALIDATION
  Issued At: 2026-02-25T19:58:06Z
  Issuer: Amazon
  Renewal Eligibility: INELIGIBLE
  Serial: xxxxx
  Signature Algorithm: SHA256WITHRSA
  Status: ISSUED
  Subject: CN=mydomain
  type_: AMAZON_ISSUED
Events:
```

If I recreate the secret, it does not repopulate the secret with the certificate.

AWS console and CLI show the certificate as valid and eligible for renewal.


Labels:

- area/secrets/update: Issues related to updating resources that reference k8s secrets
- service/acm: Indicates issues or PRs that are related to acm-controller.
