queue to be emptied once a day

Unprioritized issues older than 7 days (189)

Resolution: Add a priority/ or triage/ label

Average age: 144.6d, Avg wait: 74.0d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
4518 operator version 0.15.3 fails to install in openshift 7d 4d 5d
author-last
commented
recv
similar
4510 inject helm values for AWS service account setting 10d 10d 10d
kind/feature
recv
4505 Select preferred alternate certificate chain by CN of the rootmost certificate only 11d 11d
kind/bug
4504 Reasoning behind updating route53 records instead of creating new ones 11d 8d 11d
kind/feature
author-last
recv
4503 Latest version of kubectl cert-manager not executing on mac M1 12d 11d 11d
kind/bug
collaborator-last
commented
send
similar
4500 ./hack/update-codegen.sh downloads 1.2GiB of Go dependencies on each run 13d 13d
kind/bug
4499 go vet errors
13d 6d 13d
good first issue
kind/cleanup
commented
pr-reviewed-with-comment
recv-q
similar
4494 Prometheus metrics for Orders 13d 13d 13d
kind/feature
recv
4492 Documentation need to be more specific 14d 14d 14d
collaborator-last
recv
4490 Subject Ingress Annotations 15d 15d 15d
kind/feature
pr-changes-requested
recv
4489 Externalize controller argument config 16d 1d 16d
kind/feature
assigned
recv
4487 Add ability to specify ClusterIssuer to helm chart values
18d 18d 18d
kind/feature
recv
4483 Split cainjector out of core cert-manager
2
19d 19d
kind/feature
4480 Azure DNS ACME Solver Issue 3wk 3wk 3wk
kind/bug
recv
4473 Add signing for cert-manager artifacts 3wk 7d
kind/feature
4471 Istio sidecar is disabled by the hard coded annotation in ACME HTTP01 solver Pod 4wk 4wk 4wk
kind/feature
recv
4468 "NoCredentialProviders" error from route53 solver 4wk 4wk 4wk
kind/bug
recv
4457 Fix golint errors 5wk 4wk 4wk
good first issue
kind/cleanup
assigned
assignee-updated
commented
contributor-last
similar
4454 Add certificate issuer / issuer type in prometheus metrics
2
5wk 5wk 5wk
kind/feature
recv
4452 Error initializing issuer: context deadline exceeded 5wk 46min 5wk
kind/bug
recv
recv-q
4445 The deprecated Helm value `securityContext.enabled` should be removed 5wk 4wk
good first issue
kind/cleanup
assigned
assignee-updated
contributor-last
pr-reviewed-with-comment
4440 cert-manager check api: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
5
5wk 5wk 5wk
kind/bug
author-last
recv
recv-q
4438 Multiple solver types with matchLabels cluster-issuer not working 6wk 6wk 6wk
recv
4437 CM continues requeuing inexisting items
2
6wk 16d 6wk
kind/bug
recv
recv-q
4434 Operator projects using the removed APIs in k8s 1.22 requires changes.
2
6wk 4wk 4wk
commented
member-last
send
4427 Unable to request wildcard certificate with ACME client
6wk 6wk 6wk
kind/bug
recv
4425 WebHook error 6wk 5wk 5wk
kind/bug
commented
member-last
send
4424 Add support for setting multiple DC fields to Certificate, to allow for LDAP client authentication 6wk 6wk 6wk
kind/feature
commented
member-last
send
4423 Cert renewal loop
2
6wk 12d 12d
kind/bug
commented
member-last
send
4422 DNS01 challenge with Route 53 fails: 'Endpoint' configuration is required for this service 7wk 7wk 7wk
kind/bug
recv
4420 ACME DNS solver error "account credentials not found for domain" 7wk 7wk 7wk
kind/bug
recv
4417 to support Venafi TPP CADN parameter 7wk 7wk 7wk
kind/feature
recv
4411 Private key reuse errors with Venafi TPP
7wk 6wk 7wk
kind/bug
area/venafi
recv
recv-q
4410 Support configuration via operator subscription
2
7wk 7wk 7wk
kind/feature
recv
4375 cert-manager ignores existing controller OwnerReferences on secrets 2mo 2mo 2mo
kind/bug
recv
4374 version checker tests failing
2mo 2mo
kind/flake
contributor-last
4368 Memory leak in cainjector 2mo 2mo 2mo
recv
4360 Allow default Certificate settings to be defined within your Issuer configuration 2mo 2mo 2mo
kind/feature
recv
similar
4357 Flaky test: //test/integration/ctl TestCtlCreateCRBeforeCRIsCreated
2mo 2mo
kind/bug
kind/flake
pr-merged
4351 Flaky test: TestValidateCertificate/invalid_with_disallowed_'CertificateSecretTemplate'_annotations
2mo 4wk
kind/bug
kind/flake
contributor-last
pr-merged
recv-q
4349 allowing greater configuration for the cloud provider tests
2mo 2mo 2mo
kind/feature
recv
4340 cert-manager - No client certificate CA names sent 2mo 2mo 2mo
recv
similar
4334 Using service-account directly for Vault authentication? 2mo 2mo 2mo
kind/feature
author-last
recv
similar
4331 Add Uninstall & Upgrade commands to `kubectl cert-manager`
2mo 2mo 2mo
kind/feature
pr-closed
recv
similar
4316 Recursive nameservers for multiple domain 2mo 2mo 2mo
kind/bug
recv
4303 Allow azuredns serviceprincipal configuration from secret 2mo 7wk 2mo
kind/feature
recv
4296 Kubectl plugin - error when getting Certificate 2mo 2mo 2mo
recv
4292 Annotations and Labels must be removed from the Secret when removed from secretTemplate
2mo 2mo 2mo
kind/feature
pr-merged
recv
4289 Changing a Certificate keystores specification should update certificate Secret 2mo 2mo 2mo
kind/bug
recv
4288 Support for custom Ingress crds for http01 resolution
2mo 2mo 2mo
kind/feature
collaborator-last
commented
send
4286 support custom dns server for acme http challenges
2mo 2mo 2mo
kind/feature
pr-unreviewed
recv
4281 Can't deploy Issuer 2mo 18d 2mo
kind/bug
author-last
commented
recv
recv-q
4273 DNS01 Validation Failing: No OpenIDConnect provider found in your account 2mo 2mo 2mo
recv
4266 The automountServiceAccountToken configuration option in the Helm chart is probably unusable / unnecessary
2mo 2mo 2mo
kind/bug
commented
member-last
pr-merged
4263 Issuer Fallback
2mo 2mo 2mo
kind/feature
recv
4259 The app and app.kubernetes.io/name labels should contain `cert-manager` rather than component names
2mo 2mo 2mo
kind/bug
collaborator-last
commented
pr-merged
send
4250 Support parallel DNS validation for same host
2mo 2mo 2mo
recv
4248 Run cert-manager e2e tests with the race flag
2mo 2mo
kind/cleanup
area/testing
pr-merged
4246 ACME DNS Challenge and Propagation Delay (NXDOMAIN)
2
2mo 2mo 2mo
kind/bug
recv
4245 Ingress Shim Certificate Incorrectly Renewed Due To Usages Change
2mo 4wk 4wk
kind/bug
commented
member-last
send
4235 Reconsider error condition on empty secretnames in TLS hosts. 3mo 1d 3mo
kind/feature
lifecycle/stale
collaborator-last
recv
4220 Reuse existing identical certificates 3mo 3d 3mo
kind/feature
lifecycle/stale
collaborator-last
recv
similar
4216 Error getting keypair for CA issuer: error parsing ecdsa private key: x509: failed to parse EC private key: asn1: structure error: length too large 3mo 3mo 3mo
recv
4215 Include example manifests in this repo for reference 3mo 6d 3mo
lifecycle/stale
collaborator-last
recv
4212 Ingress-shim to remove certificates if owned ingress lacks autoCertificateAnnotations 3mo 1d 3mo
kind/feature
lifecycle/stale
collaborator-last
commented
send
4211 support for importing multiple CA in jks certificates 3mo 7d 3mo
kind/feature
lifecycle/stale
collaborator-last
recv
similar
4210 Syncing secret across namespaces gives error "unable to fetch certificate that owns the secret" 3mo 13h 3mo
kind/bug
recv
4203 Add a make target for building static manifests with specific image 3mo 11d
kind/feature
lifecycle/stale
area/deploy
collaborator-last
4196 Enhance CA issuer with HSM support
2
3mo 1mo 3mo
help wanted
kind/feature
area/ca
commented
recv
4191 Setting default values for Pod's "resources"?
2
3mo 13d 3mo
lifecycle/stale
collaborator-last
commented
send
4189 Support setting a different password for the private key in a Java keystore
3mo 5wk 5wk
area/api
good first issue
help wanted
kind/feature
collaborator-last
commented
pr-closed
pr-merged
4187 Upgrade to cert-manager v1.3.1 causes outage on EKS 3mo 14d 3mo
kind/bug
recv
recv-q
4180 Add tests to #4138
3mo 16d 3mo
kind/feature
lifecycle/stale
assigned
assignee-updated
collaborator-last
pr-merged
recv
4179 Universal cert-manager installing, uninstalling, debugging and upgrading 3mo 19d 3mo
lifecycle/stale
collaborator-last
recv
similar
4173 Enable domains for no_proxy 3mo 2wk 3mo
kind/feature
author-last
recv
recv-q
4170 Use Dependabot for automatic dependency upgrades 3mo 2wk 3mo
kind/feature
lifecycle/stale
collaborator-last
recv
4166 cert-manager should allow to store certificate in vault 3mo 3wk 3mo
kind/feature
lifecycle/stale
collaborator-last
recv
4159 Unable to create venafi issuer with kubernetes 3mo 3wk 3mo
kind/bug
lifecycle/stale
collaborator-last
recv
4153 Support DoT (DNS over TLS) for Recursive Nameservers 3mo 7d 3mo
kind/feature
author-last
recv
4148 Kubernetes Ingress Controller Fake Certificate 3mo 3wk 3mo
lifecycle/stale
collaborator-last
recv
4146 Provide cert store format choice for PEM combined
3mo 3wk 3wk
good first issue
help wanted
kind/feature
collaborator-last
commented
send
4139 Old Helm charts should be deprecated
3mo 2mo 2mo
kind/bug
commented
contributor-last
pr-merged
4132 Helm chart should have kubeVersion constraints 3mo 4wk
kind/feature
lifecycle/stale
collaborator-last
pr-changes-requested
4114 Endless Sync Loop when installing Helm Chart via ArgoCD 4mo 3d 4mo
kind/bug
lifecycle/rotten
collaborator-last
pr-closed
pr-unreviewed
recv
similar
4102 Default leader election namespace to installation namespace
4mo 2mo 2mo
kind/feature
commented
member-last
pr-merged
send
4095 Update private Docker registry path 4mo 3d 4mo
lifecycle/rotten
collaborator-last
recv
4086 [CA Issuer] Metrics for getting issuer cert expiration 4mo 3d 4mo
lifecycle/rotten
collaborator-last
recv
4073 Internal error occurred: failed calling webhook 4mo 19d 4mo
lifecycle/stale
author-last
recv
recv-q
similar
4071 Add a default value to RevisionHistoryLimit if none is provided in the Certificate
4
4mo 2mo 4mo
kind/feature
recv
similar
4053 Error setup role to manage Route53 dns01
4mo 2mo 4mo
kind/bug
recv
recv-q
4041 Switch the api versions accepted by validating and mutating webhook to `v1` only 5mo 3d
kind/cleanup
lifecycle/rotten
collaborator-last
4033 Automated updates of base images
5mo 4wk 4wk
kind/feature
collaborator-last
commented
pr-merged
4032 Consider ArtifactHub vulnerability scanning 5mo 4wk 4wk
kind/feature
collaborator-last
commented
4003 Accepting challenge authorization failed 5mo 1mo 5mo
kind/bug
area/acme/http01
recv
3998 Allow setting caBundle in (Cluster)Issuers to request certificates from https ACME using internal PKI 5mo 3d 4wk
kind/feature
lifecycle/rotten
collaborator-last
commented
pr-unreviewed
send
3992 Add non-CRD yaml file 5mo 8d 3mo
area/deploy
author-last
commented
recv
3979 Certificates for multiple domains (Let's Encrypt) 5mo 3d 5mo
lifecycle/rotten
collaborator-last
recv
3977 cert-manager-webhook Firewalld Issues 5mo 3d 5mo
kind/bug
lifecycle/rotten
collaborator-last
recv
recv-q
3968 acme http01: 504 Gateway Time-out
3
5mo 2mo 5mo
kind/bug
area/acme/http01
recv
3967 Does the certificate chain include a root CA certificate by default? 5mo 3d 5mo
kind/bug
lifecycle/rotten
area/venafi
collaborator-last
recv
3961 Fix pkg/util/pki TestPrivateKeyEncodings test 5mo 3d
kind/cleanup
lifecycle/rotten
area/testing
collaborator-last
3959 Keep USERS.md up to date
5mo 3d
lifecycle/rotten
collaborator-last
3958 Sane defaults for Certificate revision history limit
2
5mo 5wk 5mo
kind/feature
recv
similar
3957 Support JKS trust store for ACME certificates 5mo 9d 5mo
kind/feature
lifecycle/stale
collaborator-last
commented
recv-q
send
similar
3949 Option to store selfsigned cert/key pair into two secrets.
4
5mo 4d 5mo
kind/feature
lifecycle/rotten
collaborator-last
recv
3948 Encryption Password for Keystore/Truststore from Vault
5mo 3d 4mo
kind/feature
lifecycle/rotten
collaborator-last
commented
recv
3947 Linting to check API annotations 5mo 4d
kind/feature
lifecycle/rotten
collaborator-last
3941 Certificate renewal get stuck if Vault becomes temporarily inaccessible during the the time of renewal.
5mo 4d 5mo
kind/bug
lifecycle/rotten
collaborator-last
recv
3930 Add migration tests against forked repositories 5mo 3d 4mo
lifecycle/rotten
collaborator-last
commented
send
3925 Please make all configuration entries under the dns providers etc. work with valueFrom 5mo 4d 5mo
lifecycle/rotten
collaborator-last
recv
3924 External Challenge Solver: Support for various Virtual Service implementations 5mo 3d 4mo
kind/feature
lifecycle/rotten
collaborator-last
commented
open-milestone
pr-merged
pr-unreviewed
send
3910 ACME Certificate in "False" state even when order and certificaterequest are completed 6mo 4d 6mo
kind/bug
lifecycle/rotten
collaborator-last
recv
3896 Cert Manager failing to renew certificate
15
6mo 4wk 4wk
kind/bug
commented
member-last
send
similar
3890 support more secret type 6mo 4d 6mo
lifecycle/rotten
collaborator-last
commented
send
3884 Certs Owner Reference on secret from issuer
6mo 3d 4mo
kind/feature
lifecycle/rotten
collaborator-last
commented
send
3874 Getting "Error from server: conversion webhook for acme.cert-manager.io/v1alpha2, Kind=Challenge failed: Post https://cert-manager-webhook.cert-manager.svc:443/convert?timeout=30s: service "cert-manager-webhook" not found"
2
6mo 4d 6mo
lifecycle/rotten
collaborator-last
recv
recv-q
similar
3747 Certificate issuerRef should be optional 7mo 1d 7mo
kind/feature
contributor-last
recv
3743 Excessive DNS caching for DNS verification
7mo 4wk 7mo
kind/bug
author-last
recv
3739 Helm chart fails to install CRDs when using ArgoCD 7mo 3d 7mo
kind/bug
lifecycle/rotten
collaborator-last
recv
similar
3723 Order stays in an unknown state indefinitely for a particular ingress 7mo 4d 7mo
kind/bug
lifecycle/rotten
collaborator-last
recv
3719 DNS-01 broken scenario (GCP Cloud DNS) 7mo 4wk 7mo
kind/bug
author-last
recv
3716 Health check failed as CertificateSource is unhealthy"
3
7mo 15d 7mo
kind/bug
lifecycle/stale
collaborator-last
recv
recv-q
3715 kube-dns not used for DNS01 challenges 7mo 4d 7mo
kind/bug
lifecycle/rotten
collaborator-last
recv
3691 no_proxy settings not honored helm/kubernetes/vault 8mo 4d 8mo
kind/bug
lifecycle/rotten
collaborator-last
recv
3690 renewal stucks and output suspicious logs periodically
8mo 4d 8mo
kind/bug
lifecycle/rotten
collaborator-last
recv
3677 Provide configuration for delayed certificate update after creation 8mo 4d 8mo
kind/feature
lifecycle/rotten
collaborator-last
recv
3676 Configuring LE wildcard cert on EKS w/ Route53 DNS 8mo 4d 8mo
lifecycle/rotten
collaborator-last
commented
send
3673 Create cert-manager container registry 8mo 4d
kind/cleanup
lifecycle/rotten
collaborator-last
3671 Transfer repository to the cert-manager organisation 8mo 4d 7mo
kind/cleanup
lifecycle/rotten
collaborator-last
commented
3668 Secure Istio Gateway in Kubernetes using cert-manager. 8mo 4d 8mo
kind/bug
lifecycle/rotten
collaborator-last
recv
similar
3660 order is showing as ready but stuck at the challenges. Not getting all the challenges. 8mo 4d 8mo
lifecycle/rotten
collaborator-last
recv
3659 custom DNS01 test fails when secondary nameserver is unresponsive 8mo 4d 8mo
kind/bug
lifecycle/rotten
collaborator-last
recv
3651 Document how to set Issuer and Subject for self-signed certificates
2
8mo 4d 8mo
kind/bug
lifecycle/rotten
collaborator-last
recv
similar
3649 Challenge & secret sometimes not getting created for route53 issuer 8mo 4d 8mo
kind/bug
lifecycle/rotten
collaborator-last
recv
3637 BadRequest error when configuring external Vault with Kubernetes authentication
4
8mo 15d 8mo
kind/bug
lifecycle/stale
collaborator-last
recv
recv-q
3617 Manage etcd, apiserver, controller-manager, scheduler, proxy, kubelet certificates 8mo 4wk 8mo
kind/feature
author-last
recv
3609 oauth2: cannot fetch token: Post \https://oauth2.googleapis.com/token": x509: certificate signed by unknown authority" 8mo 4d 8mo
lifecycle/rotten
collaborator-last
recv
3608 Unable to renew certificate for some cert hosts with propagation check failed
8mo 4d 8mo
kind/bug
lifecycle/rotten
collaborator-last
recv
recv-q
3599 Create certificate issue (showing in progress only) 9mo 4d 9mo
lifecycle/rotten
collaborator-last
recv
recv-q
3592 Ability to not create ca.crt
9mo 4wk 9mo
author-last
commented
recv
3565 requestmanager_controller got stuck in a loop and stopped generating new certificates afterward
8
9mo 6d 12d
kind/bug
commented
member-last
send
3553 ExperimentalCertificateControllers feature gate not available in v1.1 9mo 4d 9mo
kind/bug
lifecycle/rotten
collaborator-last
recv
3484 Ingress annotations with external issuer end up in eternal loop - smallstep 10mo 4d 10mo
kind/bug
lifecycle/rotten
collaborator-last
commented
recv
recv-q
3481 cert-manager stops reconciling certificate expiries
2
4
10mo 2d 10mo
kind/bug
author-last
commented
recv
recv-q
3448 Self-signed certificate has ready-state: true 11mo 4d 11mo
kind/bug
lifecycle/rotten
collaborator-last
recv
3427 Add multiple trustedCertEntries to truststores.
11mo 4d 11mo
kind/bug
lifecycle/rotten
collaborator-last
commented
send
3404 Add support for custom Certificate Extensions
4
1y 15d 15d
collaborator-last
commented
pr-closed
send
similar
3284 Support for deploying one or more issuers from helm chart 1y 4d 1y
kind/feature
lifecycle/rotten
collaborator-last
commented
send
3194 Ability to specify utilizing Ambient Credentials for Vault Auth Block
2
1y 9h 1y
kind/feature
recv
709 Update Securing NGINX-ingress tutorial for apiVersion networking.k8s.io/v1 19d 19d 19d
recv
706 Default key usages 4wk 4wk 4wk
recv
697 [IRSA] Needs `runAsUser: 1001` 6wk 6wk 6wk
recv
693 Azure DNS pod identity incorrectly documents principal_id 7wk 6wk 6wk
commented
member-last
send
672 List required Google CloudDNS permissions exhaustively 2mo 2mo 2mo
recv
662 Using "azureDNS" for the DNS01 Solver results "Multiple user assigned identities exist, please specify the clientId / resourceId"
2mo 2mo 2mo
recv
659 Document component flags 2mo 2mo 2mo
assigned
assignee-updated
contributor-last
recv
645 Investigate & add an FAQ/warning about images rolled back after GitOps upgrade 3mo 3mo 3mo
recv
642 Move/ link to Webhook debugging docs 3mo 3mo 3mo
recv
similar
604 Make it so that it is easier to find the doc for fixing webhook issues 4mo 4mo 4mo
recv
600 Remove Helm v2 from Ingress Nginx tutorial
4mo 4mo 4mo
recv
583 cert-manager with ZeroSSL
2
4mo 18d 4mo
recv
recv-q
571 Clean up old readthedocs sites
4mo 4mo 4mo
kind/cleanup
commented
member-last
568 Add a diagram for LetsEncrypt cert issuance flow to the docs
3
5mo 5mo 5mo
recv
561 Certificate Resources 5mo 5mo 5mo
recv
similar
559 Update uninstall process doc 5mo 5mo 5mo
recv
554 HTTP Validation, privateKeySecretRef 5mo 4mo 5mo
contributor-last
recv
549 Effort towards a more user-friendly website 5mo 5mo
543 Add getting started documentation for users who want to quickly use cert-manager to issue LetsEncrypt certificates
3
5mo 3mo 3mo
commented
contributor-last
recv-q
542 Document the Istio VirtualService HTTP01 configuration options 5mo 5mo
532 Rework of the landing page (cert-manager.io)
3
6mo 3mo 3mo
help wanted
good first issue
commented
member-last
send
486 OpenShift - broken link
6mo 2mo 4mo
commented
contributor-last
recv-q
send
469 DNS01: Delegated Domains for DNS01 example yaml solvers list items 7mo 7mo 7mo
recv
466 installation/compatiblity 7mo 7mo 7mo
recv
457 cainjector docs are missing the option to inject certs in apiservice resources
7mo 7mo 7mo
recv
454 Cluster Resource Namespace 7mo 7mo 7mo
recv
similar
426 Create a sequence diagram that shows how a certificate gets issued with let's encrypt
2
8mo 4mo 4mo
commented
member-last
pr-merged
425 Document ocspServers 8mo 8mo 8mo
kind/documentation
commented
member-last
422 Page last modified date incorrect 8mo 8mo 8mo
kind/bug
collaborator-last
commented
send
403 Add to documentation: change default port of webhook when using hostNetwork and default Kubelet port setting 9mo 5mo 8mo
documentation
good first issue
kind/documentation
commented
recv-q
send
386 Uninstalling on Kubernetes - How to delete all those user created resources? 10mo 10mo 10mo
collaborator-last
commented
send
330 Case for CertificatePrivateKey (encoding, algorithm) is wrong (v1) 1y 1y 1y
collaborator-last
commented
send
326 Securing Ingresses with Venafi 1y 1y 1y
collaborator-last
commented
send
295 Route53 1y 8mo 8mo
kind/documentation
commented
member-last
send
283 Document upgrade path for legacy users of v1.0 1y 4mo 8mo
kind/documentation
commented
contributor-last
send
50 Move cert-manager-release infrastructure to CNCF's GCP account 3wk 12d 12d
commented
member-last
42 Publish latest release number as part of creating a final release
7wk 6wk 6wk
commented
member-last
send
31 Move the manual steps of our release process to cmrel commands
5mo 6wk 6wk
commented
member-last
pr-closed
27 Create cert-manager specific testing infrastructure
5mo 3wk 3wk
assigned
assignee-updated
commented
member-last
pr-merged
send
similar
19 Incorrect command line help: should include a --branch argument 1y 8mo 8mo
kind/cleanup
commented
contributor-last

Uncommented older than 7 days (129)

Resolution: Add a priority/ or triage/ label

Average age: 159.0d, Avg wait: 147.6d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
3909 Make wait time configurable when creating route53 challenge
2
6mo 4d 6mo
kind/feature
priority/important-longterm
lifecycle/rotten
area/acme/dns01
collaborator-last
recv
3898 Allow setting PodDisruptionBudget policies via helm chart 6mo 4wk 6mo
kind/feature
priority/important-longterm
area/deploy
author-last
pr-new-commits
recv
3825 restoring parallel setup behaviour for e2e tests 6mo 4d 6mo
good first issue
help wanted
kind/feature
priority/important-longterm
lifecycle/rotten
collaborator-last
recv
3729 Possible Bug in RFC2136? Or Missconfiguration? 7mo 4d 7mo
triage/support
lifecycle/rotten
collaborator-last
recv
3711 Export issued cert into AWS ACM
8
7mo 4wk 7mo
kind/feature
priority/backlog
collaborator-last
recv
3655 Specify Name Constraints in CA Certificate
4
8mo 2mo 8mo
kind/feature
priority/backlog
recv
3653 install cert-manager: Readiness probe failed: HTTP probe failed with statuscode: 500 8mo 3d 8mo
kind/bug
triage/support
lifecycle/rotten
collaborator-last
recv
3509 Provide a separate manifest for the cert-manager Namespace resource 10mo 4d 10mo
kind/feature
priority/important-longterm
lifecycle/rotten
collaborator-last
recv
3445 Connection refused for cert-manager-webhook service
2
11mo 4d 11mo
triage/support
lifecycle/rotten
collaborator-last
recv
recv-q
3377 CertManager does not install with default settings
4
1y 4d 1y
kind/bug
priority/important-soon
lifecycle/rotten
collaborator-last
recv
recv-q
3020 Ability to convert resources in acme.cert-manager.io group 1y 4d 1y
kind/bug
priority/important-soon
lifecycle/rotten
collaborator-last
recv
2941 Detect multiple certs pointed to the same secret
2
1y 4d 1y
kind/feature
priority/important-longterm
lifecycle/rotten
area/monitoring
collaborator-last
recv
2926 Add an ability to communicate with Vault via mTLS 1y 4d 1y
kind/feature
priority/important-longterm
area/vault
lifecycle/rotten
collaborator-last
pr-unreviewed
recv
551 Documentation on how to handle large-scale certificate management & best practices
2
5mo 5mo 5mo
help wanted
priority/important-longterm
kind/documentation
contributor-last
recv
480 Secret gets UID added to end of name 7mo 6mo 7mo
triage/support
contributor-last
recv
recv-q
76 Upgrading from v0.10 to v0.11 - missing cainjector annotation 2y 1y 2y
priority/backlog
kind/documentation
contributor-last
recv
56 Route53: document use of "region" field 2y 6mo 2y
documentation
priority/important-longterm
contributor-last
recv
recv-q
112 previously listed items omitted

Important soon, but no updates in 90 days (10)

Resolution: Downgrade to important-longterm

Average age: 512.9d, Avg wait: 29.3d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
459 cert manager is no longer on the OpenShift operator list 7mo 6mo 7mo
priority/important-soon
assigned
assignee-updated
commented
member-last
send
320 Document how to install cert-manager using gitops and known issues with particular gitops implementations
1y 4mo 1y
documentation
priority/important-soon
commented
contributor-last
similar
262 [DOCS]: Add info on how to customize kind CertManager when using OperatorHub method on Openshift
1y 9mo 1y
kind/feature
priority/important-soon
author-last
commented
recv
recv-q
229 Documenting resolution for DigitalOcean + HTTP01 "connection timed out" error 1y 1y
priority/important-soon
kind/documentation
contributor-last
198 Document release process 1y 1y 1y
priority/important-soon
kind/documentation
assigned
commented
member-last
send
195 Document keystores 1y 4mo 1y
priority/important-soon
kind/documentation
commented
member-last
send
174 Add documentation for CRD conversion webhook ca injection 2y 1y 1y
help wanted
priority/important-soon
kind/documentation
commented
member-last
send
144 Improve webhook debugging info
2y 4mo 1y
priority/important-soon
kind/documentation
commented
member-last
pr-merged
send
similar
90 Document Certificate Subject Changes 2y 8mo 8mo
help wanted
good first issue
priority/important-soon
collaborator-last
commented
similar
69 SelfSignedIssuer configuration - API reference docs 2y 1y 1y
help wanted
good first issue
priority/important-soon
kind/documentation
commented
member-last
send

Important longterm, but no updates in 180 days (7)

Resolution: Downgrade to backlog

Average age: 534.6d, Avg wait: 97.0d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
2178 Handling 'unregistering' certificates from Venafi TPP
3
2y 10mo 10mo
lifecycle/frozen
kind/feature
priority/important-longterm
area/venafi
collaborator-last
commented
send
401 Bring tutorials up to date 9mo 8mo
priority/important-longterm
344 Add docs to explain webhooks 1y 6mo
help wanted
good first issue
priority/important-longterm
contributor-last
223 Document wildcard certificate tutorial 1y 1y 1y
priority/important-longterm
kind/documentation
commented
contributor-last
send
178 Order of versions of cert-manager in menu 2y 1y 2y
priority/important-longterm
kind/documentation
commented
contributor-last
send
154 Documenting repo management process 2y 1y 2y
priority/important-longterm
kind/documentation
commented
contributor-last
send
56 Route53: document use of "region" field 2y 6mo 2y
documentation
priority/important-longterm
contributor-last
recv
recv-q

Pull Requests: Review Ready (12)

Resolution: Review requests or mark them as do-not-merge/work-in-progress

Average age: 81.8d, Avg wait: 75.0d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
4520 Remove t.Fatal from goroutine
4
5d 23h 1d
release-note-none
size/M
dco-signoff: yes
area/testing
ok-to-test
needs-kind
author-last
commented
recv
reviewed-with-comment
4287 Acme http challenge custom dns 2mo 1d 2mo
size/L
release-note
area/api
needs-ok-to-test
area/acme
dco-signoff: yes
area/testing
area/acme/dns01
area/acme/http01
area/deploy
needs-kind
collaborator-last
recv
unreviewed
4027 bug: Don't sort json patch operations 5mo 3d 5mo
size/XS
release-note-none
approved
kind/bug
lifecycle/rotten
dco-signoff: yes
ok-to-test
collaborator-last
commented
new-commits
recv
4330 Add client certificate auth method for Vault issuer 2mo 2mo 2mo
release-note
size/XL
area/api
needs-ok-to-test
area/vault
dco-signoff: yes
area/deploy
needs-kind
author-last
recv
unreviewed
4329 [Helm Chart] Add optional service annotations 2mo 2mo 2mo
release-note
size/S
needs-ok-to-test
dco-signoff: yes
area/deploy
needs-kind
assigned
author-last
recv
reviewed-with-comment
710 Added ZeroSSL tutorial
17d 11h 17d
dco-signoff: yes
size/XL
needs-ok-to-test
assigned
author-last
recv
unreviewed
714 Updates arising from the signing release process 5d 5d
approved
dco-signoff: yes
size/M
kind/documentation
contributor-last
unreviewed
700 DNS01 webhooks : add cert-manager-alidns-webhook 5wk 18d 5wk
size/XS
dco-signoff: yes
needs-ok-to-test
assigned
author-last
recv
recv-q
unreviewed
701 Issuer with IRSA needs ambient credentials flag 5wk 4wk 5wk
dco-signoff: no
size/XS
needs-ok-to-test
assigned
author-last
recv
recv-q
unreviewed
669 kubectl --export is deprecated
2mo 1mo 2mo
dco-signoff: yes
size/S
ok-to-test
assigned
commented
contributor-last
recv
recv-q
reviewed-with-comment
451 update to ingress. 7mo 4mo 7mo
dco-signoff: no
size/XS
needs-ok-to-test
contributor-last
recv
unreviewed
528 Update "Setting Nameservers for DNS01 Self Check" example 6mo 6mo 6mo
size/XS
dco-signoff: yes
needs-ok-to-test
contributor-last
recv
unreviewed

Unkinded Issues (82)

Resolution: Add a kind/ or triage/support label

Average age: 189.3d, Avg wait: 78.6d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
4536 ZeroSSL ClusterIssuer Order Fails on Finalization 1d 1d 1d
recv
4535 Kubernetes: x509 certificate signed by unknown authority, possibly because of ECDSA verification failure 1d 1d 1d
collaborator-last
commented
send
4533 Sectigo and cert-manager(v1.5.4) - error creating new order: 500 urn:ietf:params:acme:error:serverInternal 1d 1d 1d
author-last
commented
recv
recv-q
4521 This software doesn't work at all 5d 5d 5d
commented
member-last
send
3849 Make debugging e2e tests locally easier 6mo 4d
priority/backlog
lifecycle/rotten
area/testing
collaborator-last
3808 Supporting traefik IngressRoute objects?
5
6mo 4wk 6mo
priority/important-longterm
area/ingress-shim
commented
send
3555 Venafi E2E tests are all failing
9mo 4d 8mo
priority/important-soon
lifecycle/rotten
area/testing
area/venafi
collaborator-last
commented
pr-merged
3451 Move repo to cert-manager/cert-manager 11mo 2mo 2mo
priority/important-soon
Epic
assigned
assignee-updated
commented
member-last
send
3325 Waiting for HTTP-01 challenge propagation: wrong status code '404', expected '200'
10
1y 3d 4mo
priority/backlog
lifecycle/rotten
collaborator-last
commented
send
similar
3067 Reviewing 'minimum certificate duration' requirements and handling
1y 4d 1y
area/api
priority/important-longterm
lifecycle/rotten
collaborator-last
commented
open-milestone
pr-closed
pr-merged
send
2996 cainjector pod restart many times of V0.15.1
2
1y 4d 1y
triage/needs-information
lifecycle/rotten
area/cainjector
collaborator-last
commented
recv
recv-q
354 DigitalOcean access-token should not be base64-encoded 1y 8mo 11mo
priority/awaiting-more-evidence
author-last
commented
recv
2 Set up periodic job to publish an experimental release build
2y 5mo
priority/backlog
assigned
contributor-last
69 previously listed items omitted

Unprioritized Recent Issues (194)

Resolution: Add a priority/ or triage/ label

Average age: 141.0d, Avg wait: 72.1d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
4537 HTTP-01 challenges fail with Istio and cert-manager 1.5 (kubernetes.io/ingress.class not set anymore) 22h 1h 1h
kind/bug
area/acme/http01
collaborator-last
commented
send
193 previously listed items omitted

Uncommented Recent Issues (1)

Resolution: Add a comment

Average age: 1.4d, Avg wait: 1.2d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
4536 ZeroSSL ClusterIssuer Order Fails on Finalization 1d 1d 1d
recv
New, has multiple reactions, but not important-soon: No matching items
New, has multiple commenters, but not important-soon: No matching items

needs information, has update (3)

Resolution: Comment and remove triage/needs-information tag

Average age: 352.7d, Avg wait: 324.8d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
3611 Order expires on renew
2
8mo 1h 8mo
kind/bug
triage/needs-information
lifecycle/rotten
commented
recv
recv-q
3534 cert-manager tries to follow CNAME while "cnameStrategy" is set to "None" 9mo 4d 8mo
kind/bug
triage/needs-information
lifecycle/rotten
collaborator-last
commented
recv
2996 cainjector pod restart many times of V0.15.1
2
1y 4d 1y
triage/needs-information
lifecycle/rotten
area/cainjector
collaborator-last
commented
recv
recv-q

Recently updated issue has a question (34)

Resolution: Add an answer

Average age: 431.2d, Avg wait: 170.7d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
3990 crt.sh is showing certs issued while k8s cluster is showing status as false 5mo 5d 4mo
kind/bug
priority/important-soon
area/acme
commented
recv-q
send
3689 Certificate cannot be created because of attempts to create Order resources that already exist (on OVH)
4
8mo 3d 4mo
help wanted
kind/bug
priority/important-longterm
lifecycle/rotten
collaborator-last
commented
recv-q
send
3601 Missing nodeSelector on challenge pods
4
9mo 4d 8mo
kind/bug
triage/support
commented
pr-closed
recv-q
send
3578 problem with kubernetes v 1.19 challange get 404 expected 200
3
9mo 4d 9mo
triage/support
lifecycle/rotten
collaborator-last
commented
recv
recv-q
3576 Cert-manager does not respect TTL
4
9mo 3d 9mo
kind/feature
priority/important-soon
area/acme
area/acme/dns01
author-last
commented
recv
recv-q
3437 DNS-01 webhook improvements 11mo 4d
kind/feature
priority/backlog
lifecycle/rotten
Epic
collaborator-last
open-milestone
pr-unreviewed
recv-q
3388 https://...svc/mutate?timeout=10s: Service Unavailable 1y 4d 11mo
triage/support
lifecycle/rotten
collaborator-last
commented
recv-q
send
3381 Setup separate package for cert-manager API
3
1y 3d 4mo
kind/feature
priority/important-soon
lifecycle/rotten
assigned
assignee-updated
collaborator-last
commented
open-milestone
recv-q
send
3363 Vault Issuer with Kubernetes authentication cannot be automated via Helm
10
1y 3d 11mo
kind/bug
priority/important-longterm
area/vault
lifecycle/rotten
collaborator-last
commented
recv-q
send
similar
3133 Failed calling webhook "webhook.cert-manager.io"
4
1y 4d 1y
triage/support
lifecycle/rotten
collaborator-last
commented
recv-q
send
3009 Using workload identity instead of exporting service account keys on GKE
6
35
1y 4d 1y
help wanted
kind/feature
priority/important-longterm
lifecycle/rotten
collaborator-last
commented
recv-q
send
2969 Vault ClusterIssuer with Kubernetes authentication not possible?
1y 4d 1y
triage/support
priority/awaiting-more-evidence
lifecycle/rotten
collaborator-last
commented
recv
recv-q
similar
2959 certificate letsencrypt-staging is in status false ... 1y 4d 1y
triage/support
lifecycle/rotten
collaborator-last
commented
recv
recv-q
2906 Add Subject Key Identifier to Certificate CRD
1y 3d 1y
kind/feature
priority/important-soon
area/ca
lifecycle/rotten
collaborator-last
commented
recv-q
send
similar
2902 Cannot decrypt PKCS12 keystore
3
1y 4d 1y
kind/bug
priority/important-soon
lifecycle/rotten
commented
recv
recv-q
2899 CA-injector doc updates( was Webhook patching infinite loop)
1y 4d 1y
kind/bug
priority/awaiting-more-evidence
lifecycle/rotten
area/cainjector
collaborator-last
commented
recv
recv-q
2877 E2E: [Conformance] Certificates with issuer type ACME DNS01 Issuer should issue a basic, defaulted certificate for a single commonName and distinct dnsName defined by an ingress with annotations 1y 4d 1y
priority/important-longterm
area/acme
lifecycle/rotten
kind/flake
collaborator-last
commented
recv-q
2817 cainjector fails to start: MutatingWebhookConfiguration not found
2y 4d 2y
kind/bug
priority/important-longterm
lifecycle/rotten
area/deploy
collaborator-last
commented
recv-q
send
2768 Pass only role name and not full ARN for kube2iam
2y 4d 2y
kind/feature
priority/awaiting-more-evidence
lifecycle/rotten
area/acme/dns01
collaborator-last
commented
recv
recv-q
2763 Creating ingress-shim equivalent for Istio gateway resources 2y 4d 1y
good first issue
kind/design
kind/feature
priority/backlog
lifecycle/rotten
area/ingress-shim
collaborator-last
commented
recv-q
send
2727 Add per-domain ACME metrics for requests 2y 4d 2y
kind/feature
priority/awaiting-more-evidence
lifecycle/rotten
area/monitoring
collaborator-last
commented
recv
recv-q
2636 Certificate stuck in issuing state
2y 4d 2y
area/api
kind/bug
priority/awaiting-more-evidence
lifecycle/rotten
collaborator-last
commented
recv-q
send
similar
2478