diff --git a/pkg/kubectl/secret_for_tls.go b/pkg/kubectl/secret_for_tls.go
index 9dd47b9514d..aeb6d8863a9 100644
--- a/pkg/kubectl/secret_for_tls.go
+++ b/pkg/kubectl/secret_for_tls.go
@@ -128,10 +128,10 @@ func (s SecretForTLSGeneratorV1) validate() error {
 	// if no key/cert is given. The only requiredment is that we either get both
 	// or none. See test/e2e/ingress_utils for self signed cert generation.
 	if len(s.Key) == 0 {
-		return fmt.Errorf("key must be specified.")
+		return fmt.Errorf("key must be specified")
 	}
 	if len(s.Cert) == 0 {
-		return fmt.Errorf("certificate must be specified.")
+		return fmt.Errorf("certificate must be specified")
 	}
 	if _, err := tls.LoadX509KeyPair(s.Cert, s.Key); err != nil {
 		return fmt.Errorf("failed to load key pair %v", err)