queue to be emptied once a day
Unprioritized issues older than 7 days (189)
Resolution: Add a priority/ or triage/ label
Average age: 144.6d, Avg wait: 74.0d
Uncommented older than 7 days (129)
Resolution: Add a priority/ or triage/ label
Average age: 159.0d, Avg wait: 147.6d
| ID | Au | Desc | As | Rea | Cr | Up | Re | Cmntrs | Labels | Tags | |
| 3909 |  |
Make wait time configurable when creating route53 challenge |
2
|
6mo | 4d | 6mo |
kind/feature
priority/important-longterm
lifecycle/rotten
area/acme/dns01
|
collaborator-last recv
|
|||
| 3898 |  |
Allow setting PodDisruptionBudget policies via helm chart | 6mo | 4wk | 6mo | |
kind/feature
priority/important-longterm
area/deploy
|
pr-new-commits recv
|
|||
| 3825 |  |
restoring parallel setup behaviour for e2e tests | 6mo | 4d | 6mo |  |
good first issue
help wanted
kind/feature
priority/important-longterm
lifecycle/rotten
|
collaborator-last recv
|
|||
| 3729 |  |
Possible Bug in RFC2136? Or Missconfiguration? | 7mo | 4d | 7mo |
triage/support
lifecycle/rotten
|
collaborator-last recv
|
||||
| 3711 |  |
Export issued cert into AWS ACM |
8
|
7mo | 4wk | 7mo |  |
kind/feature
priority/backlog
|
collaborator-last recv
|
||
| 3655 |  |
Specify Name Constraints in CA Certificate |
4
|
8mo | 2mo | 8mo |  |
kind/feature
priority/backlog
|
recv
|
||
| 3653 |  |
install cert-manager: Readiness probe failed: HTTP probe failed with statuscode: 500 | 8mo | 3d | 8mo |  |
kind/bug
triage/support
lifecycle/rotten
|
collaborator-last recv
|
|||
| 3509 |  |
Provide a separate manifest for the cert-manager Namespace resource | 10mo | 4d | 10mo |
kind/feature
priority/important-longterm
lifecycle/rotten
|
collaborator-last recv
|
||||
| 3445 |  |
Connection refused for cert-manager-webhook service |
2
|
11mo | 4d | 11mo |  |
triage/support
lifecycle/rotten
|
collaborator-last recv recv-q
|
||
| 3377 |  |
CertManager does not install with default settings |
4
|
1y | 4d | 1y |   |
kind/bug
priority/important-soon
lifecycle/rotten
|
collaborator-last recv recv-q
|
||
| 3020 |  |
Ability to convert resources in acme.cert-manager.io group | 1y | 4d | 1y |
kind/bug
priority/important-soon
lifecycle/rotten
|
collaborator-last recv
|
||||
| 2941 |  |
Detect multiple certs pointed to the same secret |
2
|
1y | 4d | 1y | |
kind/feature
priority/important-longterm
lifecycle/rotten
area/monitoring
|
collaborator-last recv
|
||
| 2926 |  |
Add an ability to communicate with Vault via mTLS | 1y | 4d | 1y |
kind/feature
priority/important-longterm
area/vault
lifecycle/rotten
|
collaborator-last pr-unreviewed recv
|
||||
| 551 |  |
Documentation on how to handle large-scale certificate management & best practices |
2
|
5mo | 5mo | 5mo |  |
help wanted
priority/important-longterm
kind/documentation
|
contributor-last recv
|
||
| 480 |  |
Secret gets UID added to end of name | 7mo | 6mo | 7mo | |
triage/support
|
contributor-last recv recv-q
|
|||
| 76 |  |
Upgrading from v0.10 to v0.11 - missing cainjector annotation | 2y | 1y | 2y | |
priority/backlog
kind/documentation
|
contributor-last recv
|
|||
| 56 |  |
Route53: document use of "region" field | 2y | 6mo | 2y |  |
documentation
priority/important-longterm
|
contributor-last recv recv-q
|
|||
| 112 previously listed items omitted | |||||||||||
Important soon, but no updates in 90 days (10)
Resolution: Downgrade to important-longterm
Average age: 512.9d, Avg wait: 29.3d
| ID | Au | Desc | As | Rea | Cr | Up | Re | Cmntrs | Labels | Tags |
| 459 |  |
cert manager is no longer on the OpenShift operator list | 
| 7mo | 6mo | 7mo | |
priority/important-soon
|
assigned assignee-updated commented member-last send
|
|
| 320 |  |
Document how to install cert-manager using gitops and known issues with particular gitops implementations |
|
1y | 4mo | 1y |   |
documentation
priority/important-soon
|
commented contributor-last similar
|
|
| 262 |  |
[DOCS]: Add info on how to customize kind CertManager when using OperatorHub method on Openshift |
|
1y | 9mo | 1y |  |
kind/feature
priority/important-soon
|
commented recv recv-q
|
|
| 229 | |
Documenting resolution for DigitalOcean + HTTP01 "connection timed out" error | 1y | 1y | |
priority/important-soon
kind/documentation
|
contributor-last
|
|||
| 198 | |
Document release process |
| 1y | 1y | 1y | |
priority/important-soon
kind/documentation
|
assigned commented member-last send
|
|
| 195 | |
Document keystores | 1y | 4mo | 1y | |
priority/important-soon
kind/documentation
|
commented member-last send
|
||
| 174 |  |
Add documentation for CRD conversion webhook ca injection | 2y | 1y | 1y | |
help wanted
priority/important-soon
kind/documentation
|
commented member-last send
|
||
| 144 | |
Improve webhook debugging info
|
2y | 4mo | 1y | |
priority/important-soon
kind/documentation
|
commented member-last pr-merged send similar
|
||
| 90 |  |
Document Certificate Subject Changes | 2y | 8mo | 8mo |  |
help wanted
good first issue
priority/important-soon
|
collaborator-last commented similar
|
||
| 69 |  |
SelfSignedIssuer configuration - API reference docs | 2y | 1y | 1y | |
help wanted
good first issue
priority/important-soon
kind/documentation
|
commented member-last send
|
Important longterm, but no updates in 180 days (7)
Resolution: Downgrade to backlog
Average age: 534.6d, Avg wait: 97.0d
| ID | Au | Desc | As | Rea | Cr | Up | Re | Cmntrs | Labels | Tags |
| 2178 | |
Handling 'unregistering' certificates from Venafi TPP |
3
|
2y | 10mo | 10mo |  |
lifecycle/frozen
kind/feature
priority/important-longterm
area/venafi
|
collaborator-last commented send
|
|
| 401 | |
Bring tutorials up to date | 9mo | 8mo |
priority/important-longterm
|
|||||
| 344 | |
Add docs to explain webhooks | 1y | 6mo | |
help wanted
good first issue
priority/important-longterm
|
contributor-last
|
|||
| 223 | |
Document wildcard certificate tutorial | 1y | 1y | 1y | |
priority/important-longterm
kind/documentation
|
commented contributor-last send
|
||
| 178 |  |
Order of versions of cert-manager in menu | 2y | 1y | 2y | |
priority/important-longterm
kind/documentation
|
commented contributor-last send
|
||
| 154 | |
Documenting repo management process | 2y | 1y | 2y | |
priority/important-longterm
kind/documentation
|
commented contributor-last send
|
||
| 56 | |
Route53: document use of "region" field | 2y | 6mo | 2y | |
documentation
priority/important-longterm
|
contributor-last recv recv-q
|
Pull Requests: Review Ready (12)
Resolution: Review requests or mark them as do-not-merge/work-in-progress
Average age: 81.8d, Avg wait: 75.0d
| ID | Au | Desc | As | Rea | Cr | Up | Re | Cmntrs | Labels | Tags |
| 4520 |  |
Remove t.Fatal from goroutine |
4
|
5d | 23h | 1d |  |
release-note-none
size/M
dco-signoff: yes
area/testing
ok-to-test
needs-kind
|
commented recv reviewed-with-comment
|
|
| 4287 |  |
Acme http challenge custom dns | 2mo | 1d | 2mo |
size/L
release-note
area/api
needs-ok-to-test
area/acme
dco-signoff: yes
area/testing
area/acme/dns01
area/acme/http01
area/deploy
needs-kind
|
collaborator-last recv unreviewed
|
|||
| 4027 |  |
bug: Don't sort json patch operations | 5mo | 3d | 5mo | |
size/XS
release-note-none
approved
kind/bug
lifecycle/rotten
dco-signoff: yes
ok-to-test
|
collaborator-last commented new-commits recv
|
||
| 4330 |  |
Add client certificate auth method for Vault issuer | 2mo | 2mo | 2mo | |
release-note
size/XL
area/api
needs-ok-to-test
area/vault
dco-signoff: yes
area/deploy
needs-kind
|
recv unreviewed
|
||
| 4329 |  |
[Helm Chart] Add optional service annotations |
| 2mo | 2mo | 2mo | |
release-note
size/S
needs-ok-to-test
dco-signoff: yes
area/deploy
needs-kind
|
assigned recv reviewed-with-comment
|
|
| 710 |  |
Added ZeroSSL tutorial | 
|
|
17d | 11h | 17d |  |
dco-signoff: yes
size/XL
needs-ok-to-test
|
assigned recv unreviewed
|
| 714 |  |
Updates arising from the signing release process | 5d | 5d | |
approved
dco-signoff: yes
size/M
kind/documentation
|
contributor-last unreviewed
|
|||
| 700 |  |
DNS01 webhooks : add cert-manager-alidns-webhook |
| 5wk | 18d | 5wk | |
size/XS
dco-signoff: yes
needs-ok-to-test
|
assigned recv recv-q unreviewed
|
|
| 701 |  |
Issuer with IRSA needs ambient credentials flag |
| 5wk | 4wk | 5wk | |
dco-signoff: no
size/XS
needs-ok-to-test
|
assigned recv recv-q unreviewed
|
|
| 669 |  |
kubectl --export is deprecated |
|
|
2mo | 1mo | 2mo | |
dco-signoff: yes
size/S
ok-to-test
|
assigned commented contributor-last recv recv-q reviewed-with-comment
|
| 451 |  |
update to ingress. | 7mo | 4mo | 7mo | |
dco-signoff: no
size/XS
needs-ok-to-test
|
contributor-last recv unreviewed
|
||
| 528 |  |
Update "Setting Nameservers for DNS01 Self Check" example | 6mo | 6mo | 6mo |
size/XS
dco-signoff: yes
needs-ok-to-test
|
contributor-last recv unreviewed
|
Unkinded Issues (82)
Resolution: Add a kind/ or triage/support label
Average age: 189.3d, Avg wait: 78.6d
Unprioritized Recent Issues (194)
Resolution: Add a priority/ or triage/ label
Average age: 141.0d, Avg wait: 72.1d
| ID | Au | Desc | As | Rea | Cr | Up | Re | Cmntrs | Labels | Tags | |
| 4537 | |
HTTP-01 challenges fail with Istio and cert-manager 1.5 (kubernetes.io/ingress.class not set anymore) | 22h | 1h | 1h | |
kind/bug
area/acme/http01
|
collaborator-last commented send
|
|||
| 193 previously listed items omitted | |||||||||||
| ID | Au | Desc | As | Rea | Cr | Up | Re | Cmntrs | Labels | Tags |
| 4536 |  |
ZeroSSL ClusterIssuer Order Fails on Finalization | 1d | 1d | 1d |
recv
|
New, has multiple reactions, but not important-soon: No matching items
New, has multiple commenters, but not important-soon: No matching items
needs information, has update (3)
Resolution: Comment and remove triage/needs-information tag
Average age: 352.7d, Avg wait: 324.8d
| ID | Au | Desc | As | Rea | Cr | Up | Re | Cmntrs | Labels | Tags |
| 3611 |  |
Order expires on renew |
2
|
8mo | 1h | 8mo |  |
kind/bug
triage/needs-information
lifecycle/rotten
|
commented recv recv-q
|
|
| 3534 |  |
cert-manager tries to follow CNAME while "cnameStrategy" is set to "None" | 9mo | 4d | 8mo | |
kind/bug
triage/needs-information
lifecycle/rotten
|
collaborator-last commented recv
|
||
| 2996 |  |
cainjector pod restart many times of V0.15.1 |
2
|
1y | 4d | 1y |  |
triage/needs-information
lifecycle/rotten
area/cainjector
|
collaborator-last commented recv recv-q
|
Recently updated issue has a question (34)
Resolution: Add an answer
Average age: 431.2d, Avg wait: 170.7d
| ID | Au | Desc | As | Rea | Cr | Up | Re | Cmntrs | Labels | Tags |
| 3990 |  |
crt.sh is showing certs issued while k8s cluster is showing status as false | 5mo | 5d | 4mo |     |
kind/bug
priority/important-soon
area/acme
|
commented recv-q send
|
||
| 3689 |  |
Certificate cannot be created because of attempts to create Order resources that already exist (on OVH) |
4
|
8mo | 3d | 4mo |    |
help wanted
kind/bug
priority/important-longterm
lifecycle/rotten
|
collaborator-last commented recv-q send
|
|
| 3601 |  |
Missing nodeSelector on challenge pods
|
4
|
9mo | 4d | 8mo |   |
kind/bug
triage/support
|
commented pr-closed recv-q send
|
|
| 3578 |  |
problem with kubernetes v 1.19 challange get 404 expected 200 |
3
|
9mo | 4d | 9mo |   |
triage/support
lifecycle/rotten
|
collaborator-last commented recv recv-q
|
|
| 3576 |  |
Cert-manager does not respect TTL |
4
|
9mo | 3d | 9mo | |
kind/feature
priority/important-soon
area/acme
area/acme/dns01
|
commented recv recv-q
|
|
| 3437 | |
DNS-01 webhook improvements | 11mo | 4d |  |
kind/feature
priority/backlog
lifecycle/rotten
Epic
|
collaborator-last open-milestone pr-unreviewed recv-q
|
|||
| 3388 |  |
https://...svc/mutate?timeout=10s: Service Unavailable | 1y | 4d | 11mo |  |
triage/support
lifecycle/rotten
|
collaborator-last commented recv-q send
|
||
| 3381 |  |
Setup separate package for cert-manager API |
|
3
|
1y | 3d | 4mo |  |
kind/feature
priority/important-soon
lifecycle/rotten
|
assigned assignee-updated collaborator-last commented open-milestone recv-q send
|
| 3363 |  |
Vault Issuer with Kubernetes authentication cannot be automated via Helm |
10
|
1y | 3d | 11mo |     |
kind/bug
priority/important-longterm
area/vault
lifecycle/rotten
|
collaborator-last commented recv-q send similar
|
|
| 3133 |  |
Failed calling webhook "webhook.cert-manager.io" |
4
|
1y | 4d | 1y |      |
triage/support
lifecycle/rotten
|
collaborator-last commented recv-q send
|
|
| 3009 |  |
Using workload identity instead of exporting service account keys on GKE |
6
35
|
1y | 4d | 1y |         |
help wanted
kind/feature
priority/important-longterm
lifecycle/rotten
|
collaborator-last commented recv-q send
|
|
| 2969 |  |
Vault ClusterIssuer with Kubernetes authentication not possible? |
|
1y | 4d | 1y |   |
triage/support
priority/awaiting-more-evidence
lifecycle/rotten
|
collaborator-last commented recv recv-q similar
|
|
| 2959 |  |
certificate letsencrypt-staging is in status false ... | 1y | 4d | 1y |  |
triage/support
lifecycle/rotten
|
collaborator-last commented recv recv-q
|
||
| 2906 |  |
Add Subject Key Identifier to Certificate CRD |
|
1y | 3d | 1y |   |
kind/feature
priority/important-soon
area/ca
lifecycle/rotten
|
collaborator-last commented recv-q send similar
|
|
| 2902 |  |
Cannot decrypt PKCS12 keystore |
3
|
1y | 4d | 1y |    |
kind/bug
priority/important-soon
lifecycle/rotten
|
commented recv recv-q
|
|
| 2899 |  |
CA-injector doc updates( was Webhook patching infinite loop) |
|
1y | 4d | 1y | |
kind/bug
priority/awaiting-more-evidence
lifecycle/rotten
area/cainjector
|
collaborator-last commented recv recv-q
|
|
| 2877 | |
E2E: [Conformance] Certificates with issuer type ACME DNS01 Issuer should issue a basic, defaulted certificate for a single commonName and distinct dnsName defined by an ingress with annotations | 1y | 4d | 1y |  |
priority/important-longterm
area/acme
lifecycle/rotten
kind/flake
|
collaborator-last commented recv-q
|
||
| 2817 |  |
cainjector fails to start: MutatingWebhookConfiguration not found |
|
2y | 4d | 2y |  |
kind/bug
priority/important-longterm
lifecycle/rotten
area/deploy
|
collaborator-last commented recv-q send
|
|
| 2768 |  |
Pass only role name and not full ARN for kube2iam |
|
2y | 4d | 2y |  |
kind/feature
priority/awaiting-more-evidence
lifecycle/rotten
area/acme/dns01
|
collaborator-last commented recv recv-q
|
|
| 2763 |  |
Creating ingress-shim equivalent for Istio gateway resources | 2y | 4d | 1y |      |
good first issue
kind/design
kind/feature
priority/backlog
lifecycle/rotten
area/ingress-shim
|
collaborator-last commented recv-q send
|
||
| 2727 |  |
Add per-domain ACME metrics for requests | 2y | 4d | 2y | |
kind/feature
priority/awaiting-more-evidence
lifecycle/rotten
area/monitoring
|
collaborator-last commented recv recv-q
|
||
| 2636 |  |
Certificate stuck in issuing state |
|
2y | 4d | 2y |   |
area/api
kind/bug
priority/awaiting-more-evidence
lifecycle/rotten
|
collaborator-last commented recv-q send similar
|
|
| 2478 |  |