Issues that may be waiting for our response
NOTE: for this to work properly, GitHub token must have read access to read organization members
Questions awaiting follow-up: No matching items

Bugs awaiting follow-up (51)

Resolution: Comment or close the issue

Average age: 156.8d, Avg wait: 138.2d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
4246 ACME DNS Challenge and Propagation Delay (NXDOMAIN) 3d 3d 3d
kind/bug
recv
4214 Certificate orders get in an unknown state. 10d 10d 10d
kind/bug
recv
4210 Syncing secret across namespaces gives error "unable to fetch certificate that owns the secret" 12d 12d 12d
kind/bug
recv
4187 Upgrade to cert-manager v1.3.1 causes outage on EKS 19d 19d 19d
kind/bug
recv
4159 Unable to create venafi issuer with kubernetes 3wk 3wk 3wk
kind/bug
recv
similar
4144 Can't create vault Issuer with enabled JWT Issuer Validation 4wk 4d 5d
area/vault
kind/bug
priority/awaiting-more-evidence
author-last
commented
recv
4131 Changing/Renewing OAUTH token requries Re-creation of Venafi Cluster Issuer
4wk 3wk 3wk
area/venafi
kind/bug
priority/awaiting-more-evidence
author-last
commented
recv
4114 Endless Sync Loop when installing Helm Chart via ArgoCD 5wk 5wk 5wk
kind/bug
author-last
pr-closed
pr-unreviewed
recv
similar
4097 Generating SSL + ingress-nginx issue 6wk 5d 6wk
kind/bug
recv
recv-q
4053 Error setup role to manage Route53 dns01 2mo 17d 2mo
kind/bug
recv
recv-q
4023 Vault generated certificates
4
2mo 4wk 2mo
kind/bug
pr-new-commits
recv
recv-q
similar
4003 Accepting challenge authorization failed 2mo 2mo 2mo
area/acme/http01
kind/bug
recv
3977 cert-manager-webhook Firewalld Issues 2mo 2mo 2mo
kind/bug
author-last
recv
recv-q
3968 acme http01: 504 Gateway Time-out 2mo 2mo 2mo
area/acme/http01
kind/bug
recv
3967 Does the certificate chain include a root CA certificate by default? 2mo 2mo 2mo
area/venafi
kind/bug
recv
3941 Certificate renewal get stuck if Vault becomes temporarily inaccessible during the the time of renewal.
2mo 2mo 2mo
kind/bug
recv
3910 ACME Certificate in "False" state even when order and certificaterequest are completed 3mo 3mo 3mo
kind/bug
author-last
recv
3896 Cert Manager failing to renew certificate
15
3mo 10d 3mo
kind/bug
recv
recv-q
similar
3810 Certificates stuck issuing and unready after cert-manager restart 4mo 3mo 3mo
kind/bug
priority/important-soon
author-last
commented
recv
similar
3777 Non-compliant behaviour: re-POSTing challenge instead of polling authorization 4mo 2d 4mo
kind/bug
priority/awaiting-more-evidence
recv
recv-q
3755 Letsencrypt challenges missing nginx ingress and flooding apache logs 4mo 3mo 3mo
kind/bug
triage/support
author-last
commented
recv
3748 Cert-manager causes API server panic on clusters with more than 20000 secrets.
2
4mo 7wk 4mo
kind/bug
triage/needs-information
commented
pr-merged
recv
recv-q
3743 Excessive DNS caching for DNS verification
4mo 4mo 4mo
kind/bug
recv
3739 Helm chart fails to install CRDs when using ArgoCD 4mo 5wk 4mo
kind/bug
recv
similar
3723 Order stays in an unknown state indefinitely for a particular ingress 4mo 4mo 4mo
kind/bug
recv
3719 DNS-01 broken scenario (GCP Cloud DNS) 4mo 3mo 4mo
kind/bug
author-last
recv
3716 Health check failed as CertificateSource is unhealthy"
2
4mo 2wk 4mo
kind/bug
recv
recv-q
3715 kube-dns not used for DNS01 challenges 4mo 4mo 4mo
kind/bug
author-last
recv
3691 no_proxy settings not honored helm/kubernetes/vault 5mo 5mo 5mo
kind/bug
recv
3690 renewal stucks and output suspicious logs periodically
5mo 5mo 5mo
kind/bug
author-last
recv
3668 Secure Istio Gateway in Kubernetes using cert-manager. 5mo 5mo 5mo
kind/bug
author-last
recv
3659 custom DNS01 test fails when secondary nameserver is unresponsive 5mo 5mo 5mo
kind/bug
author-last
recv
3653 install cert-manager: Readiness probe failed: HTTP probe failed with statuscode: 500 5mo 2mo 5mo
kind/bug
triage/support
recv
3651 Document how to set Issuer and Subject for self-signed certificates
2
5mo 5mo 5mo
kind/bug
recv
similar
3649 Challenge & secret sometimes not getting created for route53 issuer 5mo 5mo 5mo
kind/bug
recv
3637 BadRequest error when configuring external Vault with Kubernetes authentication
2
5mo 2wk 5mo
kind/bug
recv
recv-q
3615 resourceVersion should not be set on objects to be created
8
5mo 7wk 5mo
kind/bug
triage/needs-information
recv
recv-q
3611 Order expires on renew
5mo 5mo 5mo
kind/bug
triage/needs-information
author-last
commented
recv
3608 Unable to renew certificate for some cert hosts with propagation check failed
6mo 5mo 6mo
kind/bug
recv
recv-q
3565 requestmanager_controller got stuck in a loop and stopped generating new certificates afterward
6mo 3mo 6mo
kind/bug
recv
recv-q
3553 ExperimentalCertificateControllers feature gate not available in v1.1 6mo 6mo 6mo
kind/bug
recv
3534 cert-manager tries to follow CNAME while "cnameStrategy" is set to "None" 7mo 5mo 5mo
kind/bug
triage/needs-information
author-last
commented
recv
3484 Ingress annotations with external issuer end up in eternal loop - smallstep 7mo 5mo 7mo
kind/bug
author-last
commented
recv
recv-q
3481 cert-manager stops reconciling certificate expiries
2
4
8mo 5mo 8mo
kind/bug
author-last
commented
recv
recv-q
3448 Self-signed certificate has ready-state: true 8mo 8mo 8mo
kind/bug
recv
3377 CertManager does not install with default settings
4
9mo 5mo 9mo
kind/bug
priority/important-soon
recv
recv-q
3020 Ability to convert resources in acme.cert-manager.io group 1y 1y 1y
kind/bug
priority/important-soon
recv
2968 [Google: clouddns]Selected a private zone
1y 11mo 1y
area/acme/dns01
kind/bug
priority/important-longterm
commented
contributor-last
pr-merged
recv
2902 Cannot decrypt PKCS12 keystore
3
1y 1y 1y
kind/bug
priority/important-soon
author-last
commented
recv
recv-q
2899 CA-injector doc updates( was Webhook patching infinite loop)
1y 1y 1y
area/cainjector
kind/bug
priority/awaiting-more-evidence
author-last
commented
recv
recv-q
2875 Error getting hosted zone name ... for ClusterIssuer without hostedZoneName defined.
3
1y 3mo 1y
area/acme/dns01
help wanted
kind/bug
priority/backlog
author-last
commented
recv

Features awaiting follow-up (44)

Resolution: Comment or close the issue

Average age: 210.7d, Avg wait: 182.5d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
4247 OCP Ingress Support for Cert-Manager 1.4 3d 3d 3d
kind/feature
triage/support
author-last
commented
recv
recv-q
similar
4235 Reconsider error condition on empty secretnames in TLS hosts. 5d 5d 5d
kind/feature
recv
4220 Reuse existing identical certificates 7d 7d 7d
kind/feature
recv
similar
4211 support for importing multiple CA in jks certificates 12d 12d 12d
kind/feature
recv
similar
4196 Enhance CA issuer with HSM support
17d 6d 13d
area/ca
help wanted
kind/feature
author-last
commented
recv
4180 Add tests to #4138
3wk 3wk 3wk
kind/feature
assigned
assignee-updated
contributor-last
pr-merged
recv
4173 Enable domains for no_proxy 3wk 3wk 3wk
kind/feature
author-last
recv
recv-q
4170 Use Dependabot for automatic dependency upgrades 3wk 3wk 3wk
kind/feature
recv
4166 cert-manager should allow to store certificate in vault 3wk 3wk 3wk
kind/feature
recv
similar
4153 Support DoT (DNS over TLS) for Recursive Nameservers 3wk 3wk 3wk
kind/feature
recv
4146 Provide cert store format choice for PEM combined
4wk 4wk 4wk
kind/feature
recv
4135 Exclude some parent labels from being replicated on child objects 4wk 4wk 4wk
kind/feature
author-last
recv
4071 Add a default value to RevisionHistoryLimit if none is provided in the Certificate
7wk 7wk 7wk
kind/feature
recv
similar
3998 Allow setting caBundle in (Cluster)Issuers to request certificates from https ACME using internal PKI 2mo 2mo 2mo
kind/feature
pr-unreviewed
recv
3958 Sane defaults for Certificate revision history limit
2
2mo 2mo 2mo
kind/feature
recv
similar
3949 Option to store selfsigned cert/key pair into two secrets.
2
2mo 2mo 2mo
kind/feature
recv
3948 Encryption Password for Keystore/Truststore from Vault 2mo 7wk 2mo
kind/feature
author-last
commented
recv
3909 Make wait time configurable when creating route53 challenge
2
3mo 3mo 3mo
area/acme/dns01
kind/feature
priority/important-longterm
recv
3898 Allow setting PodDisruptionBudget policies via helm chart 3mo 3mo 3mo
area/deploy
kind/feature
priority/important-longterm
pr-new-commits
recv
3853 Be able to specify the imagePullSecret to use for the HTTP01 ACME solver pod 3mo 2mo 2mo
kind/feature
priority/important-longterm
author-last
commented
recv
similar
3825 restoring parallel setup behaviour for e2e tests 3mo 3mo 3mo
good first issue
help wanted
kind/feature
priority/important-longterm
recv
3780 WSL2 support or is there an existing process in place? 4mo 2mo 4mo
kind/feature
priority/backlog
recv
3747 Certificate issuerRef should be optional 4mo 4mo 4mo
kind/feature
recv
3711 Export issued cert into AWS ACM
3
4mo 3mo 4mo
kind/feature
priority/backlog
recv
3681 When using a keystore.jks in secret, how can I specify a name for the alias 5mo 5mo 5mo
kind/feature
recv
3677 Provide configuration for delayed certificate update after creation 5mo 5mo 5mo
kind/feature
recv
3675 Donation of jniebuhr/aws-pca-issuer to the Cert Manager project
2
6
5mo 2mo 5mo
kind/documentation
kind/feature
priority/backlog
author-last
recv
3655 Specify Name Constraints in CA Certificate 5mo 2mo 5mo
kind/feature
priority/backlog
recv
3617 Manage etcd, apiserver, controller-manager, scheduler, proxy, kubelet certificates 5mo 5mo 5mo
kind/feature
recv
3509 Provide a separate manifest for the cert-manager Namespace resource 7mo 5mo 7mo
kind/feature
priority/important-longterm
recv
3342 Add PrometheusRule
9mo 9mo 9mo
area/deploy
good first issue
help wanted
kind/feature
priority/backlog
assigned
assignee-updated
commented
pr-reviewed-with-comment
recv
3194 Ability to specify utilizing Ambient Credentials for Vault Auth Block
11mo 11mo 11mo
kind/feature
recv
3181 as a user, I don't known that ACME HTTP01 solvers cannot be used for wildcard certs
2
11mo 11mo 11mo
area/acme
kind/feature
priority/important-longterm
author-last
commented
recv
2943 Allow to configure the name of the keystore file 1y 1y 1y
kind/feature
priority/awaiting-more-evidence
author-last
commented
recv
2941 Detect multiple certs pointed to the same secret
2
1y 11mo 1y
area/monitoring
kind/feature
priority/important-longterm
contributor-last
recv
2926 Add an ability to communicate with Vault via mTLS 1y 1y 1y
area/vault
kind/feature
priority/important-longterm
recv
2894 Add configuration for what SANs are allowed based on namespace 1y 1y 1y
kind/feature
priority/important-longterm
author-last
commented
recv
2768 Pass only role name and not full ARN for kube2iam
1y 1y 1y
area/acme/dns01
kind/feature
priority/awaiting-more-evidence
commented
contributor-last
recv
recv-q
2727 Add per-domain ACME metrics for requests 1y 1y 1y
area/monitoring
kind/feature
priority/awaiting-more-evidence
commented
contributor-last
recv
recv-q
2507 Allow upload of external certificates. 2y 1y 1y
area/api
kind/feature
priority/awaiting-more-evidence
author-last
commented
recv
2446 Support enforcing DNS name constraints in CA Issuer type
2y 1y 2y
area/ca
kind/feature
lifecycle/stale
priority/backlog
commented
recv
2332 Private ACME authority aka custom root certificate for ACME
7
2y 4mo 1y
area/acme
good first issue
help wanted
kind/feature
priority/backlog
commented
recv
recv-q
1282 Option to specify x509 extensions on certificates
7
2y 1y 2y
area/api
help wanted
kind/feature
priority/backlog
commented
recv
recv-q
262 [DOCS]: Add info on how to customize kind CertManager when using OperatorHub method on Openshift
1y 6mo 1y
kind/feature
priority/important-soon
author-last
commented
recv
recv-q
Items that deserve a follow-up comment: No matching items
Triage Party v1.3.0