Issues that may be waiting for our response
NOTE: for this to work properly, GitHub token must have read access to read organization members
Questions awaiting follow-up: No matching items

Bugs awaiting follow-up (44)

Resolution: Comment or close the issue

Average age: 202.6d, Avg wait: 134.0d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
6884 Not able to generate .p12 certificates by cert-manager 18d 7h 18d
kind/bug
recv
recv-q
similar
6877 The order remains in the invalid state 3wk 3wk 3wk
kind/bug
author-last
recv
6874 DNS-01: "propagation check failed" err="NS ns-0.awsdns-00.com.:53 returned REFUSED for _acme-challenge.stage-keycloak.xxxx.com." logger="cert-manager.challenges" resource_name="stage-keycloak.xxxx-1647614373" resource_namespace="keycloak" resource_kind="Challenge" resource_version="v1" dnsName="stage-keycloak.xxxx.xxxx.com" 4wk 4wk 4wk
kind/bug
recv
6837 Duplicate CertificateRequests for next revision require manual intervention
3
6wk 6wk 6wk
kind/bug
recv
6815 Certificate secrets are not recreated when critical fields change 7wk 7wk 7wk
kind/bug
recv
6805 Ingress routes for challenges created with pathType: ImplementationSpecific not working with Cilium 7wk 7wk 7wk
kind/bug
recv
6804 failed to change Route 53 record set: RequestError: send request failed. remote error: tls: handshake failure 7wk 7wk 7wk
kind/bug
recv
6762 cert-manager http01 challenge doesnt work out of the box in k3s cluster with traefik. Pod is forever progressing. Error 503 when accessing http01 pod 2mo 4wk 2mo
kind/bug
recv
6753 reflector.go: nable to sync list result: internal error: cannot cast object DeletedFinalStateUnknown
4
2mo 2mo 2mo
kind/bug
author-last
recv
recv-q
6741 ACME account private key and URI are not updated if the path of the ACME server is changed
5
2mo 2mo 2mo
kind/bug
recv
6673 Missing RBAC permissions for kubernetes serviceaccount against Vault issuer.
2mo 2mo 2mo
kind/bug
recv
6651 ingressClassName incompatible with http01-ingress-class annotation 3mo 13d 3mo
kind/bug
recv
recv-q
similar
6649 Gateway API CRDs exist, yet getting "the Gateway API CRDs do not seem to be present, but ExperimentalGatewayAPISupport is set to true. Please install the gateway-api CRDs" error message.
6
3mo 7wk 3mo
kind/bug
recv
recv-q
6640 Intermittient DNS problem: networking error looking up CAA for xxx 3mo 9d 3mo
kind/bug
lifecycle/stale
collaborator-last
recv
6632 Vault Issuer: The CA full chain is not included into the ca.crt
3mo 2mo 3mo
kind/bug
commented
recv
recv-q
6625 Terraform helm provider Chart.yaml file missing 3mo 13d 3mo
kind/bug
lifecycle/stale
collaborator-last
recv
6624 cainjector not creating/updating Secrets after root CA rotation
5
3mo 14d 3mo
kind/bug
recv
6602 Cert manager not retrying after initial issuance is failed 3mo 19d 3mo
kind/bug
lifecycle/stale
collaborator-last
recv
6594 Waiting for DNS-01 challenge propagation: DNS record for 'hmccloud.com' not yet propagated.
3mo 2wk 3mo
kind/bug
lifecycle/stale
collaborator-last
recv
similar
6554 Intermediate certificate is not updated in child certificates
3
4mo 5wk 4mo
kind/bug
author-last
recv
6553 Update Certificate API definition on key length 4mo 13d 4mo
kind/bug
lifecycle/rotten
collaborator-last
recv
6541 keyUsage extension may be empty 4mo 1d 4mo
kind/bug
author-last
recv
6536 challenge stuck in pending state - certifcate never gets ready
4mo 3wk 4mo
kind/bug
lifecycle/stale
collaborator-last
recv
recv-q
6528 Unable to create certificates for domains mentioned in Selector DNS zones
4mo 7wk 4mo
kind/bug
recv
6524 Issuer for Gateway uses the hostname only rather than the httproutes 4mo 19d 4mo
kind/bug
lifecycle/rotten
recv
6522 Internal error occurred: failed calling webhook "webhook.cert-manager.io": failed to call webhook code 503: 503 Service Unavailable 4mo 3wk 4mo
kind/bug
lifecycle/rotten
collaborator-last
recv
similar
6520 Creating multiple Certificates with duplicate dnsNames (Issuing certificate as Secret does not exist) 4mo 3wk 4mo
kind/bug
lifecycle/rotten
recv
recv-q
6510 DNS-01 challenge propagation | NS ns-512.awsdns-00.net.:53 returned REFUSED for _acme-challenge ....
2
5mo 8h 5mo
kind/bug
lifecycle/stale
commented
recv
6473 Ingress labels copied to certificate, causing issues with applysets
2
5mo 2mo 5mo
kind/bug
author-last
pr-unreviewed
recv
6464 Requeing due to optimistic locking and slow retry
5
5mo 5wk 5mo
kind/bug
recv
recv-q
6378 Renewal fails during aws-privateca-issuer downtime, continues to fail after issuer returns to service
11
6mo 19d 6mo
kind/bug
lifecycle/stale
recv
6230 cert-manager DDoSes DNS-01 solver - infinite rate limiting
9mo 2mo 9mo
kind/bug
area/acme/dns01
recv
recv-q
6197 Securing Gateway resources with non HTTPS listeners generate BadConfig events
27
9mo 13d 9mo
kind/bug
pr-merged
recv
recv-q
6897 Not able to set the default ingressClassName when user creates issuer using class tag. 11d 1d 1d
kind/bug
author-last
commented
pr-closed
pr-unreviewed
recv
6065 acme-http01-edit-in-place is ignored when edit ingress resource - has to be re-added
2
2
9
11mo 2mo 11mo
kind/bug
pr-unreviewed
recv
recv-q
5917 Waiting for DNS-01 challenge propagation: DNS record for mydomain.com not yet propagated
15
1y 6wk 1y
kind/bug
assigned
assignee-updated
commented
recv
recv-q
similar
6184 Conflicting ingressClassName http01 issuer spec and acme.cert-manager.io/http01-ingress-class annotation
6
10mo 5wk 10mo
kind/bug
recv
recv-q
similar
5864 Certmgr allows creating certificates expiring after ca expiration.
4
1y 2mo 1y
kind/bug
author-last
recv
5751 Wildcard DNS domains and `cnameStrategy: Follow` don't work nicely together
1y 19d 1y
kind/bug
recv
recv-q
5557 error instantiating route53 challenge solver: unable to assume role: AccessDenied:
2
10
1y 4wk 1y
kind/bug
lifecycle/rotten
collaborator-last
recv
recv-q
similar
5538 Unable to set IPv6 podDNS config from values 2y 15d 2y
kind/bug
recv
recv-q
5486 Aggressive Retries from "error instantiating route53 challenge solver"
4
2y 2mo 2y
kind/bug
recv
recv-q
similar
5048 certificate not renewed for ingress with multiple hosts and http01-edit-in-place
4
2y 4wk 2y
kind/bug
priority/backlog
author-last
commented
recv
recv-q
4749 rfc2136 seems to not work with deep subdomains 2y 2mo 2y
kind/bug
area/acme/dns01
commented
recv
recv-q

Features awaiting follow-up (38)

Resolution: Comment or close the issue

Average age: 191.1d, Avg wait: 84.5d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
6903 Adding custom annotation to cm ingress resources
8d 8d 8d
kind/feature
recv
6898 Venafi Certificate Valid Date 11d 11d 11d
kind/feature
recv
6883 Akamai Edge DNS - Support for "Account Switch Key" in DNS01 Solver  19d 19d 19d
kind/feature
recv
6880 configure cert-manager ClusterIssuer/Issuer in k8s cluster with CA certificate stored in Azure Key Vault 3wk 3wk 3wk
kind/feature
recv
6851 Unnecesary empty apiGroup on HelmChart
5wk 3wk 3wk
kind/feature
author-last
commented
recv
6850 Allow secretless authentication in clusterissuer 5wk 5wk 5wk
kind/feature
recv
similar
6848 Vault JWT Auth support undocumented? 6wk 6wk 6wk
kind/feature
recv
6783 Add support for passwordless pkcs12 keystore
6
14
2mo 8h 2mo
kind/feature
pr-reviewed-with-comment
recv
6777 CertificateRequest ready status metric 2mo 2mo 2mo
kind/feature
recv
similar
6765 feature: Promote ExperimentalGatewayAPISupport feature to GA 2mo 2mo 2mo
kind/feature
recv
6756 When deleting a certificate resource, delete its certificate requests as well 2mo 2mo 2mo
kind/feature
recv
similar
6754 Schedule certificate renewal outside business hours 2mo 2mo 2mo
kind/feature
recv
6752 Support LocalSubjectAccessReview if namespace option is non-empty
2mo 2mo 2mo
kind/feature
pr-merged
recv
6707 Check multiple nameservers for self check validation if self check status not 200 2mo 2mo 2mo
kind/feature
recv
6691 Release name is not getting matched with label when using argocd to deploy the helm chart 2mo 2mo 2mo
kind/feature
recv
6662 support overriding of ttl in cloudflare 3mo 15h 3mo
kind/feature
lifecycle/stale
recv
6653 configuration options for certificate chain 3mo 5d 3mo
kind/feature
lifecycle/stale
recv
similar
6652 Support for GCP Multi Cluster Gateway and HTTP01
3mo 6d 3mo
kind/feature
lifecycle/stale
recv
6615 HTTP01 Config Map Challenge Flow
2
3mo 17d 3mo
kind/feature
lifecycle/stale
collaborator-last
recv
6569 Add documentation for istio-csr and ingress with istio 4mo 2d 4mo
kind/feature
lifecycle/rotten
recv
similar
6564 Make Service Port and Webhook Service Port Configurable in Helm Chart 4mo 5d 4mo
kind/feature
lifecycle/rotten
recv
6527 Support for "UID" RDN in X509 Subject
4
4mo 3wk 4mo
kind/feature
recv
recv-q
6502 Can the duration of the server cert that is generated for the webhook be set?
5mo 11d 5mo
kind/feature
lifecycle/rotten
collaborator-last
recv
6489 Add support for custom-fields into the ingress annotations
2
5mo 5d 5mo
kind/feature
lifecycle/rotten
contributor-last
recv
recv-q
6472 Create TLSA records automatically
5
5mo 2mo 5mo
kind/feature
recv
6470 ingress-shim: allow to impersonate ingress-creator instead of using cert-manager serviceaccount 5mo 2mo 5mo
kind/feature
author-last
recv
6422 Allow for Configuration of ValidatingWebhook in Helm 6mo 7d 6mo
kind/feature
lifecycle/rotten
recv
recv-q
similar
6312 Report issuer/clusterissuer status as a metric
7
7mo 2mo 7mo
kind/feature
author-last
recv
6141 Consider exposing previous certificates/keys in the kubernetes secret so that workloads can implement a grace period when a certificate rotates
3
10mo 7d 10mo
kind/feature
lifecycle/stale
collaborator-last
commented
recv
recv-q
6138 allow unencrypted private keys for PKCS12 output
4
10mo 4wk 10mo
kind/feature
lifecycle/stale
collaborator-last
recv
6117 Vault Issuer Read caBundle from ConfigMap
4
10mo 13d 3mo
area/api
kind/feature
area/vault
commented
contributor-last
recv
similar
5904 Support Azure Private DNS Zones for DNS Challenge
2
7
1y 16h 1y
kind/feature
lifecycle/rotten
recv
recv-q
5821 Allow renewBefore to be a percentage 1y 5d 1y
kind/feature
lifecycle/rotten
contributor-last
recv
recv-q
5783 Add k8s.io/client-go/applyconfigurations style *ApplyConfigurations for the included CRDs
1y 2mo 1y
kind/feature
author-last
commented
pr-closed
recv
5697 Support PodSecurityAdmission
6
1y 3wk 1y
kind/feature
recv
recv-q
5540 Changelog annotations to chart 2y 2d 2y
kind/feature
author-last
recv
5430 Improving DNS-01 challenge performance
4
2y 18d 2y
kind/feature
lifecycle/stale
collaborator-last
pr-closed
pr-unreviewed
recv
4797 Automatically renew certificates if OCSP indicates that it was revoked
17
2y 4wk 2y
kind/feature
area/acme
author-last
commented
recv
recv-q
Items that deserve a follow-up comment: No matching items
Triage Party v1.4.0