queue to be emptied once a day
Unprioritized issues older than 7 days (174)
Resolution: Add a priority/ or triage/ label
Average age: 128.9d, Avg wait: 70.2d
Uncommented older than 7 days (122)
Resolution: Add a priority/ or triage/ label
Average age: 143.9d, Avg wait: 136.4d
| ID | Au | Desc | As | Rea | Cr | Up | Re | Cmntrs | Labels | Tags | |
| 3909 |  |
Make wait time configurable when creating route53 challenge |
2
|
5mo | 4d | 5mo |
kind/feature
priority/important-longterm
lifecycle/stale
area/acme/dns01
|
collaborator-last recv
|
|||
| 3898 |  |
Allow setting PodDisruptionBudget policies via helm chart | 5mo | 3d | 5mo | |
kind/feature
priority/important-longterm
area/deploy
|
pr-new-commits recv
|
|||
| 3825 |  |
restoring parallel setup behaviour for e2e tests | 5mo | 4d | 5mo |  |
good first issue
help wanted
kind/feature
priority/important-longterm
lifecycle/stale
|
collaborator-last recv
|
|||
| 3729 |  |
Possible Bug in RFC2136? Or Missconfiguration? | 6mo | 4d | 6mo |
triage/support
lifecycle/stale
|
collaborator-last recv
|
||||
| 3711 |  |
Export issued cert into AWS ACM |
7
|
6mo | 3d | 6mo |  |
kind/feature
priority/backlog
|
collaborator-last recv
|
||
| 3655 |  |
Specify Name Constraints in CA Certificate |
3
|
7mo | 6wk | 7mo |  |
kind/feature
priority/backlog
|
recv
|
||
| 3653 |  |
install cert-manager: Readiness probe failed: HTTP probe failed with statuscode: 500 | 7mo | 3d | 7mo |  |
kind/bug
triage/support
lifecycle/stale
|
collaborator-last recv
|
|||
| 3509 |  |
Provide a separate manifest for the cert-manager Namespace resource | 9mo | 4d | 9mo |
kind/feature
priority/important-longterm
lifecycle/stale
|
collaborator-last recv
|
||||
| 3445 |  |
Connection refused for cert-manager-webhook service |
2
|
10mo | 4d | 10mo |  |
triage/support
lifecycle/stale
|
collaborator-last recv recv-q
|
||
| 3377 |  |
CertManager does not install with default settings |
4
|
11mo | 4d | 11mo |   |
kind/bug
priority/important-soon
lifecycle/stale
|
recv recv-q
|
||
| 3020 |  |
Ability to convert resources in acme.cert-manager.io group | 1y | 4d | 1y |
kind/bug
priority/important-soon
lifecycle/stale
|
collaborator-last recv
|
||||
| 2941 |  |
Detect multiple certs pointed to the same secret |
2
|
1y | 4d | 1y | |
kind/feature
priority/important-longterm
lifecycle/stale
area/monitoring
|
collaborator-last recv
|
||
| 2926 |  |
Add an ability to communicate with Vault via mTLS | 1y | 4d | 1y |
kind/feature
priority/important-longterm
lifecycle/stale
area/vault
|
collaborator-last pr-unreviewed recv
|
||||
| 551 |  |
Documentation on how to handle large-scale certificate management & best practices |
2
|
4mo | 4mo | 4mo |  |
help wanted
priority/important-longterm
kind/documentation
|
contributor-last recv
|
||
| 480 |  |
Secret gets UID added to end of name | 6mo | 5mo | 6mo | |
triage/support
|
contributor-last recv recv-q
|
|||
| 76 |  |
Upgrading from v0.10 to v0.11 - missing cainjector annotation | 2y | 1y | 2y | |
priority/backlog
kind/documentation
|
contributor-last recv
|
|||
| 56 |  |
Route53: document use of "region" field | 2y | 5mo | 2y |  |
documentation
priority/important-longterm
|
contributor-last recv recv-q
|
|||
| 105 previously listed items omitted | |||||||||||
Important soon, but no updates in 90 days (10)
Resolution: Downgrade to important-longterm
Average age: 483.0d, Avg wait: 26.3d
| ID | Au | Desc | As | Rea | Cr | Up | Re | Cmntrs | Labels | Tags |
| 459 |  |
cert manager is no longer on the OpenShift operator list | 
| 6mo | 5mo | 6mo | |
priority/important-soon
|
assigned assignee-updated commented member-last send
|
|
| 320 |  |
Document how to install cert-manager using gitops and known issues with particular gitops implementations |
|
1y | 3mo | 1y |   |
documentation
priority/important-soon
|
commented contributor-last
|
|
| 262 |  |
[DOCS]: Add info on how to customize kind CertManager when using OperatorHub method on Openshift |
|
1y | 8mo | 1y |  |
kind/feature
priority/important-soon
|
commented recv recv-q
|
|
| 229 | |
Documenting resolution for DigitalOcean + HTTP01 "connection timed out" error | 1y | 1y | |
priority/important-soon
kind/documentation
|
contributor-last
|
|||
| 198 | |
Document release process |
| 1y | 1y | 1y | |
priority/important-soon
kind/documentation
|
assigned commented member-last send
|
|
| 195 | |
Document keystores | 1y | 3mo | 1y | |
priority/important-soon
kind/documentation
|
commented member-last send
|
||
| 174 |  |
Add documentation for CRD conversion webhook ca injection | 1y | 1y | 1y | |
help wanted
priority/important-soon
kind/documentation
|
commented member-last send
|
||
| 144 | |
Improve webhook debugging info
|
2y | 3mo | 1y | |
priority/important-soon
kind/documentation
|
commented member-last pr-merged send similar
|
||
| 90 |  |
Document Certificate Subject Changes | 2y | 7mo | 7mo |  |
help wanted
good first issue
priority/important-soon
|
collaborator-last commented similar
|
||
| 69 |  |
SelfSignedIssuer configuration - API reference docs | 2y | 1y | 1y | |
help wanted
good first issue
priority/important-soon
kind/documentation
|
commented member-last send
|
Important longterm, but no updates in 180 days (5)
Resolution: Downgrade to backlog
Average age: 507.0d, Avg wait: 0.0d
| ID | Au | Desc | As | Rea | Cr | Up | Re | Cmntrs | Labels | Tags |
| 2178 | |
Handling 'unregistering' certificates from Venafi TPP |
3
|
2y | 9mo | 9mo |  |
lifecycle/frozen
kind/feature
priority/important-longterm
area/venafi
|
collaborator-last commented send
|
|
| 401 | |
Bring tutorials up to date | 8mo | 7mo |
priority/important-longterm
|
|||||
| 223 | |
Document wildcard certificate tutorial | 1y | 1y | 1y | |
priority/important-longterm
kind/documentation
|
commented contributor-last send
|
||
| 178 |  |
Order of versions of cert-manager in menu | 1y | 1y | 1y | |
priority/important-longterm
kind/documentation
|
commented contributor-last send
|
||
| 154 | |
Documenting repo management process | 2y | 1y | 2y | |
priority/important-longterm
kind/documentation
|
commented contributor-last send
|
Pull Requests: Review Ready (19)
Resolution: Review requests or mark them as do-not-merge/work-in-progress
Average age: 52.6d, Avg wait: 41.0d
| ID | Au | Desc | As | Rea | Cr | Up | Re | Cmntrs | Labels | Tags |
| 4465 |  |
Clouldflare: Show API error messages (e.g., invalid access token) | 3d | 3d | 3d |
release-note
size/S
needs-ok-to-test
area/acme
dco-signoff: yes
area/acme/dns01
needs-kind
|
collaborator-last recv unreviewed
|
|||
| 4027 |  |
bug: Don't sort json patch operations | 4mo | 3d | 4mo | |
size/XS
release-note-none
approved
kind/bug
lifecycle/stale
dco-signoff: yes
ok-to-test
|
collaborator-last commented new-commits recv
|
||
| 4339 |  |
Add option to override the whitelist-source-range nginx ingress annotation for http01 solvers |
|
2
|
5wk | 4d | 4d |   |
size/L
release-note
area/api
area/acme
dco-signoff: yes
ok-to-test
area/acme/http01
area/deploy
needs-kind
|
assigned assignee-updated commented recv reviewed-with-comment
|
| 4456 | |
Vault internal client should check health conn err before checking response status |
| 5d | 4d | 4d | |
release-note
approved
size/S
kind/bug
area/vault
dco-signoff: yes
|
assigned assignee-updated collaborator-last commented new-commits
|
|
| 4209 |  |
Auto generate README.md, Chart.yaml, values.schema.json and values.yaml using tem & helm-jsonschema-gen |
3
|
2mo | 6d | 9d | |
release-note
approved
kind/feature
size/XXL
dco-signoff: yes
ok-to-test
area/deploy
|
commented contributor-last recv reviewed-with-comment
|
|
| 4419 |  |
Add Certificate RenewBefore prometheus metrics |
| 2wk | 8d | 2wk |  |
size/L
release-note
needs-ok-to-test
dco-signoff: yes
area/testing
area/monitoring
needs-kind
|
assigned new-commits recv recv-q
|
|
| 4408 | |
Adds generate completion scripts for bash, zsh, fish, and powershell | 3wk | 17d |
size/L
release-note
approved
kind/feature
dco-signoff: yes
|
collaborator-last unreviewed
|
||||
| 4409 | |
CLI runtime object completion | 3wk | 3wk | 3wk | |
release-note
size/XL
approved
kind/feature
dco-signoff: yes
area/testing
area/ctl
|
commented member-last open-milestone unreviewed
|
||
| 4287 |  |
Acme http challenge custom dns | 7wk | 4wk | 7wk |
size/L
release-note
area/api
needs-ok-to-test
area/acme
dco-signoff: yes
area/testing
area/acme/dns01
area/acme/http01
area/deploy
needs-kind
|
collaborator-last recv unreviewed
|
|||
| 4330 |  |
Add client certificate auth method for Vault issuer | 5wk | 4wk | 5wk | |
release-note
size/XL
area/api
needs-ok-to-test
area/vault
dco-signoff: yes
area/deploy
needs-kind
|
recv unreviewed
|
||
| 4329 |  |
[Helm Chart] Add optional service annotations |
| 5wk | 5wk | 5wk | |
release-note
size/S
needs-ok-to-test
dco-signoff: yes
area/deploy
needs-kind
|
assigned recv reviewed-with-comment similar
|
|
| 4145 |  |
Allow additional namespaceSelector matchExpressions to be configured on ValidatingWebHook |
| 2mo | 2mo | 2mo | |
size/XS
release-note
kind/feature
dco-signoff: yes
ok-to-test
area/deploy
|
assigned assignee-updated commented recv recv-q unreviewed
|
|
| 701 |  |
Issuer with IRSA needs ambient credentials flag |
| 7d | 2d | 7d |  |
dco-signoff: no
size/XS
needs-ok-to-test
|
assigned recv recv-q unreviewed
|
|
| 700 |  |
DNS01 webhooks : add cert-manager-alidns-webhook |
| 9d | 4d | 9d | |
size/XS
dco-signoff: yes
needs-ok-to-test
|
assigned recv recv-q unreviewed
|
|
| 669 |  |
kubectl --export is deprecated |
|
|
6wk | 4wk | 5wk | |
dco-signoff: yes
size/S
ok-to-test
|
assigned commented contributor-last recv recv-q reviewed-with-comment
|
| 687 |  |
Update faq/kubed.md: Fix deprecated API in v1.22 (networking.k8s.io/v1beta1) | 5wk | 5wk | 5wk | |
size/XS
dco-signoff: yes
needs-ok-to-test
|
contributor-last recv recv-q unreviewed
|
||
| 451 |  |
update to ingress. | 6mo | 3mo | 6mo | |
dco-signoff: no
size/XS
needs-ok-to-test
|
contributor-last recv unreviewed
|
||
| 528 |  |
Update "Setting Nameservers for DNS01 Self Check" example | 5mo | 5mo | 5mo |
size/XS
dco-signoff: yes
needs-ok-to-test
|
contributor-last recv unreviewed
|
|||
| 48 |  |
Add kms/pgp bootstrapping commands for signing | 2d | 2d |
dco-signoff: yes
approved
size/XL
|
contributor-last unreviewed
|
Unkinded Issues (77)
Resolution: Add a kind/ or triage/support label
Average age: 172.5d, Avg wait: 69.1d
| ID | Au | Desc | As | Rea | Cr | Up | Re | Cmntrs | Labels | Tags | |
| 4466 |  |
OpenShift 4.8 - OperatorHub shows false version? | 2d | 2d | 2d |
recv
|
|||||
| 3849 | |
Make debugging e2e tests locally easier | 5mo | 4d |
priority/backlog
lifecycle/stale
area/testing
|
collaborator-last
|
|||||
| 3808 |  |
Supporting traefik IngressRoute objects? |
4
|
5mo | 3d | 5mo |  |
priority/important-longterm
area/ingress-shim
|
commented send
|
||
| 3555 | |
Venafi E2E tests are all failing
|
|
8mo | 4d | 7mo |  |
priority/important-soon
lifecycle/stale
area/testing
area/venafi
|
collaborator-last commented pr-merged
|
||
| 3451 | |
Move repo to cert-manager/cert-manager |
| 10mo | 6wk | 6wk | |
priority/important-soon
Epic
|
assigned assignee-updated commented member-last send
|
||
| 3325 |  |
Waiting for HTTP-01 challenge propagation: wrong status code '404', expected '200'
|
9
|
11mo | 3d | 3mo | |
priority/backlog
lifecycle/stale
|
collaborator-last commented send similar
|
||
| 3067 | |
Reviewing 'minimum certificate duration' requirements and handling
|
1y | 4d | 1y | |
area/api
priority/important-longterm
lifecycle/stale
|
collaborator-last commented open-milestone pr-closed pr-merged send
|
|||
| 2996 |  |
cainjector pod restart many times of V0.15.1 |
2
|
1y | 4d | 1y |  |
lifecycle/stale
triage/needs-information
area/cainjector
|
collaborator-last commented recv recv-q
|
||
| 354 |  |
DigitalOcean access-token should not be base64-encoded | 11mo | 7mo | 10mo | |
priority/awaiting-more-evidence
|
commented recv
|
|||
| 344 | |
Add docs to explain webhooks | 11mo | 5mo | |
help wanted
good first issue
priority/important-longterm
|
contributor-last
|
||||
| 2 | |
Set up periodic job to publish an experimental release build |
|
|
2y | 4mo | |
priority/backlog
|
assigned contributor-last
|
||
| 66 previously listed items omitted | |||||||||||
Unprioritized Recent Issues (179)
Resolution: Add a priority/ or triage/ label
Average age: 125.4d, Avg wait: 68.4d
| ID | Au | Desc | As | Rea | Cr | Up | Re | Cmntrs | Labels | Tags | |
| 4468 |  |
"NoCredentialProviders" error from route53 solver | 1d | 1d | 1d |
kind/bug
|
recv
|
||||
| 4457 | |
Fix golint errors | 
| 5d | 4d | 4d | |
good first issue
kind/cleanup
|
assigned assignee-updated commented contributor-last
|
||
| 4454 |  |
Add certificate issuer / issuer type in prometheus metrics |
|
5d | 5d | 5d |
kind/feature
|
recv similar
|
|||
| 4452 |  |
Error initializing issuer: context deadline exceeded | 6d | 5d | 6d |
kind/bug
|
recv
|
||||
| 175 previously listed items omitted | |||||||||||
| ID | Au | Desc | As | Rea | Cr | Up | Re | Cmntrs | Labels | Tags | |
| 4 previously listed items omitted: #4468 #4466 #4454 #4452 | |||||||||||
New, has multiple reactions, but not important-soon: No matching items
New, has multiple commenters, but not important-soon: No matching items
needs information, has update (3)
Resolution: Comment and remove triage/needs-information tag
Average age: 322.8d, Avg wait: 294.8d
| ID | Au | Desc | As | Rea | Cr | Up | Re | Cmntrs | Labels | Tags |
| 3611 |  |
Order expires on renew |
|
7mo | 4d | 7mo | |
kind/bug
lifecycle/stale
triage/needs-information
|
collaborator-last commented recv
|
|
| 3534 |  |
cert-manager tries to follow CNAME while "cnameStrategy" is set to "None" | 8mo | 4d | 7mo | |
kind/bug
lifecycle/stale
triage/needs-information
|
collaborator-last commented recv
|
||
| 2996 | |
cainjector pod restart many times of V0.15.1 |
2
|
1y | 4d | 1y | |
lifecycle/stale
triage/needs-information
area/cainjector
|
collaborator-last commented recv recv-q
|
Recently updated issue has a question (35)
Resolution: Add an answer
Average age: 414.5d, Avg wait: 170.3d
| ID | Au | Desc | As | Rea | Cr | Up | Re | Cmntrs | Labels | Tags |
| 4459 | |
Should Changing Key usages on a Certificate trigger a re-issue?
|
5d | 4d |  |
good first issue
kind/feature
priority/backlog
|
pr-closed recv-q
|
|||
| 3689 |  |
Certificate cannot be created because of attempts to create Order resources that already exist (on OVH) |
4
|
7mo | 3d | 3mo |    |
help wanted
kind/bug
priority/important-longterm
lifecycle/stale
|
collaborator-last commented recv-q send
|
|
| 3601 |  |
Missing nodeSelector on challenge pods
|
4
|
8mo | 4d | 7mo |   |
kind/bug
triage/support
lifecycle/stale
|
commented pr-closed recv-q send
|
|
| 3578 |  |
problem with kubernetes v 1.19 challange get 404 expected 200 |
3
|
8mo | 4d | 8mo |   |
triage/support
lifecycle/stale
|
collaborator-last commented recv recv-q
|
|
| 3437 | |
DNS-01 webhook improvements | 10mo | 4d |  |
kind/feature
priority/backlog
lifecycle/stale
Epic
|
collaborator-last open-milestone pr-unreviewed recv-q
|
|||
| 3388 |  |
https://...svc/mutate?timeout=10s: Service Unavailable | 11mo | 4d | 10mo |  |
triage/support
lifecycle/stale
|
collaborator-last commented recv-q send
|
||
| 3363 |  |
Vault Issuer with Kubernetes authentication cannot be automated via Helm |
9
|
11mo | 4d | 10mo |     |
kind/bug
priority/important-longterm
lifecycle/stale
area/vault
|
collaborator-last commented recv-q send similar
|
|
| 3133 |  |
Failed calling webhook "webhook.cert-manager.io" |
4
|
1y | 4d | 11mo |      |
triage/support
lifecycle/stale
|
collaborator-last commented recv-q send similar
|
|
| 3009 |  |
Using workload identity instead of exporting service account keys on GKE |
5
33
|
1y | 4d | 1y |         |
help wanted
kind/feature
priority/important-longterm
lifecycle/stale
|
collaborator-last commented recv-q send
|
|
| 3007 |  |
Creating Issuer with self CA is failing |
|
1y | 4d | 1y |   |
triage/support
|
commented recv-q send
|
|
| 2969 |  |
Vault ClusterIssuer with Kubernetes authentication not possible? |
|
1y | 4d | 1y |   |
triage/support
priority/awaiting-more-evidence
lifecycle/stale
|
collaborator-last commented recv recv-q similar
|
|
| 2959 |  |
certificate letsencrypt-staging is in status false ... | 1y | 4d | 1y |  |
triage/support
lifecycle/stale
|
collaborator-last commented recv recv-q
|
||
| 2906 |  |
Add Subject Key Identifier to Certificate CRD |
|
1y | 3d | 1y |   |
kind/feature
priority/important-soon
lifecycle/stale
area/ca
|
collaborator-last commented recv-q send similar
|
|
| 2902 |  |
Cannot decrypt PKCS12 keystore |
3
|
1y | 4d | 1y |   |
kind/bug
priority/important-soon
lifecycle/stale
|
collaborator-last commented recv recv-q
|
|
| 2899 |  |
CA-injector doc updates( was Webhook patching infinite loop) |
|
1y | 4d | 1y | |
kind/bug
priority/awaiting-more-evidence
lifecycle/stale
area/cainjector
|
collaborator-last commented recv recv-q
|
|
| 2877 | |
E2E: [Conformance] Certificates with issuer type ACME DNS01 Issuer should issue a basic, defaulted certificate for a single commonName and distinct dnsName defined by an ingress with annotations | 1y | 4d | 1y |  |
priority/important-longterm
lifecycle/stale
area/acme
kind/flake
|
collaborator-last commented recv-q
|
||
| 2817 |  |
cainjector fails to start: MutatingWebhookConfiguration not found | 1y | 4d | 1y |  |
kind/bug
priority/important-longterm
lifecycle/stale
area/deploy
|
collaborator-last commented recv-q send
|
||
| 2768 |  |
Pass only role name and not full ARN for kube2iam |
|
1y | 4d | 1y |  |
kind/feature
priority/awaiting-more-evidence
lifecycle/stale
area/acme/dns01
|
collaborator-last commented recv recv-q
|
|
| 2763 |  |
Creating ingress-shim equivalent for Istio gateway resources | 1y | 4d | 1y |      |
good first issue
kind/design
kind/feature
priority/backlog
lifecycle/stale
area/ingress-shim
|
collaborator-last commented recv-q send
|
||
| 2727 |  |
Add per-domain ACME metrics for requests | 2y | 4d | 1y | |
kind/feature
priority/awaiting-more-evidence
lifecycle/stale
area/monitoring
|
collaborator-last commented recv recv-q
|
||
| 2722 |  |
Inject CA certificate into Secrets with cainjector |
9
|
2y | 3d | 11mo |     |
kind/feature
priority/awaiting-more-evidence
|
commented recv-q send similar
|
|
| 2636 |  |
Certificate stuck in issuing state |
|
2y | 4d | 1y |   |
area/api
kind/bug
priority/awaiting-more-evidence
lifecycle/stale
|
collaborator-last commented recv-q send similar
|
|
| 2478 |  |
Allow CA issuer secret rotation |
6
|
2y | 4d | 9mo |    |
kind/feature
priority/important-longterm
lifecycle/stale
area/ca
|
collaborator-last commented open-milestone recv-q send
|
|
| 2377 |  |
Istio Node Agent Integration | 2y | 4d | 2y |  |
kind/feature
priority/important-longterm
lifecycle/stale
|
collaborator-last commented recv-q send
|
||
| 2332 |  |
Private ACME authority aka custom root certificate for ACME |
7
|
2y | 4d | 2y |   |
good first issue
help wanted
kind/feature
priority/backlog
lifecycle/stale
area/acm |