Once every quarter, look for stale issues, reprioritize, and de-duplicate.

Issues nearing expiration (39)

Resolution: Close or label as frozen

Average age: 254.0d, Avg wait: 40.0d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
5131 ingressShim doesn't supply x.509 subject fields required by our providers (TPP) policies 3mo 2d 3mo
kind/feature
lifecycle/stale
collaborator-last
recv
5128 helm chart: add annotations and labels globally 3mo 2d 3mo
kind/feature
lifecycle/stale
collaborator-last
recv
5114 Intermediate certificate is not updated in child certificate 3mo 5d 3mo
kind/bug
lifecycle/stale
collaborator-last
recv
5098 Requested Certificates stuck in Pending 3mo 9d 3mo
kind/bug
lifecycle/stale
contributor-last
recv
recv-q
5088 ACME Issuer should support option to write intermediate and root CAs to Ingress TLS secret 3mo 13d 3mo
kind/feature
lifecycle/stale
collaborator-last
recv
5086 Issuing certificate as Secret does not exist 3mo 12d 3mo
lifecycle/stale
collaborator-last
recv
similar
5078 Venafi unit-test are flakey when run via make 3mo 17d
lifecycle/stale
collaborator-last
5075 Create generic middleware/wrapper for instrumenting calls to external services
3mo 17d
lifecycle/stale
collaborator-last
pr-merged
5074 Race condition between issuers, certificates, and secrets
3mo 17d 3mo
kind/bug
priority/important-soon
lifecycle/stale
collaborator-last
commented
open-milestone
pr-new-commits
send
5072 Cert-Manager auto rollout in gcloudAnthos 3mo 17d 3mo
lifecycle/stale
collaborator-last
commented
send
5068 cert-manager v1.9 tracking issue 3mo 18d
lifecycle/stale
collaborator-last
5066 Threat model for cert-manager
3mo 16d 3mo
kind/feature
lifecycle/stale
collaborator-last
commented
5064 Unable to find LetsEncrypt AccountID in Cert-manager logs. 3mo 19d 3mo
triage/support
lifecycle/stale
area/acme
collaborator-last
commented
send
5062 Cert-manager stops processing order request in "processing" status after several attempts 3mo 17d 3mo
kind/bug
lifecycle/stale
area/acme
collaborator-last
commented
recv
recv-q
5056 Cleanup after removing support for Kubernetes 1.18
3mo 3wk 3mo
kind/cleanup
priority/important-soon
lifecycle/stale
collaborator-last
commented
open-milestone
pr-merged
5028 Wrong nameserver for vault clusterissuer 4mo 16d 3mo
lifecycle/stale
collaborator-last
commented
recv
recv-q
4963 How do i get the root cert expiry metrics if manual issuer? 4mo 17d 3mo
priority/awaiting-more-evidence
priority/backlog
lifecycle/stale
collaborator-last
commented
send
4948 Apply changes to test objects by patching instead of updating
5mo 17d
priority/important-soon
lifecycle/stale
area/testing
collaborator-last
open-milestone
pr-merged
pr-unreviewed
4947 Custom labels/annotations in ACME solver services created by Issuer/ClusterIssuer
7
5mo 12d 5mo
kind/feature
lifecycle/stale
collaborator-last
recv
4940 Migrate to Ginkgo 2 to get JUnit XML reports on Prow timeouts
5mo 16d 3mo
kind/cleanup
lifecycle/stale
collaborator-last
commented
open-milestone
pr-merged
send
4928 Ensure that cmctl install/uninstall sequence works
2
5mo 17d 5mo
kind/bug
priority/important-longterm
lifecycle/stale
collaborator-last
commented
pr-merged
send
4893 Venafi ClusterIssuer fails to become Ready when authorize is slow
3
5mo 13d 3mo
kind/bug
lifecycle/stale
area/venafi
collaborator-last
commented
send
4868 Service account error if create != true
5mo 17d 3mo
kind/bug
priority/awaiting-more-evidence
lifecycle/stale
collaborator-last
commented
pr-closed
send
4855 Tooling to set up cert-manager with external dependencies
5
6mo 12d 3mo
kind/feature
priority/important-soon
lifecycle/stale
collaborator-last
commented
send
4821 Allow `ingressClassName` to be set for HTTP01 solver ingresses.
61
6mo 4d 3mo
kind/feature
lifecycle/stale
area/ingress-shim
collaborator-last
commented
pr-unreviewed
send
4648 Kubernetes 1.22 Challenge stuck at pending : Waiting for HTTP-01 challenge propagation: wrong status code '404', expected '200'
2
14
8mo 17d 8mo
kind/bug
priority/backlog
lifecycle/stale
collaborator-last
recv
recv-q
similar
4621 Allow Certificate secretTemplate to specify the cert-manager.io/allow-direct-injection annotation
8mo 17d 3mo
kind/feature
lifecycle/stale
collaborator-last
commented
open-milestone
pr-closed
send
4538 Enable new Auth methods for Vault
3
9mo 17d 3mo
priority/important-longterm
lifecycle/stale
collaborator-last
commented
send
4473 Add signing for cert-manager artifacts 10mo 17d 3mo
kind/feature
priority/important-longterm
lifecycle/stale
collaborator-last
commented
4250 Support parallel DNS validation for same host
5
1y 7d 8mo
priority/important-soon
lifecycle/stale
area/acme/dns01
collaborator-last
commented
open-milestone
recv
recv-q
4033 Automated updates of base images
1y 17d 3mo
kind/feature
priority/important-soon
lifecycle/stale
collaborator-last
commented
open-milestone
pr-merged
3820 Controller fails to process new certs when there are a large number of pending ones
3
1y 17d 6mo
kind/bug
priority/important-soon
lifecycle/stale
area/acme
assigned
assignee-updated
collaborator-last
commented
send
3761 Document a security issue reporting, response, and distribution process
2
5
1y 11d 3mo
kind/documentation
kind/feature
priority/backlog
lifecycle/stale
assigned
assignee-updated
collaborator-last
commented
pr-merged
send
2779 Support AWS Session Tokens
2
2y 17d 3mo
good first issue
help wanted
kind/feature
priority/important-longterm
lifecycle/stale
area/acme/dns01
collaborator-last
commented
send
2239 Create a CertificatePreset resource type to allow configurable defaulting
58
2y 17d 3mo
area/api
kind/feature
priority/backlog
priority/important-soon
lifecycle/stale
collaborator-last
commented
open-milestone
pr-closed
pr-merged
send
1282 Option to specify x509 extensions on certificates
12
3y 3wk 2y
area/api
help wanted
kind/feature
priority/backlog
lifecycle/stale
collaborator-last
commented
recv
recv-q
5015 Update the make target "e2e-setup-traefik" so that it can work for the version v1alpha2 of the Gateway API 4mo 5d
size/L
release-note-none
needs-rebase
approved
do-not-merge/work-in-progress
kind/cleanup
lifecycle/stale
dco-signoff: yes
area/testing
contributor-last
draft
recv-q
unreviewed
4744 Trigger controller: test the trigger cases 7mo 9d 4mo
size/XL
release-note-none
needs-rebase
approved
kind/cleanup
lifecycle/stale
dco-signoff: yes
area/testing
collaborator-last
commented
new-commits
4810 Server Side Apply: Adds support for CA Injector controller to use SSA with Feature Gate
4
6mo 9d 3mo
size/L
release-note
needs-rebase
approved
kind/feature
priority/important-soon
lifecycle/stale
dco-signoff: yes
area/deploy
collaborator-last
commented
open-milestone
reviewed-with-comment
send

Features that deserve a follow-up comment (1)

Resolution: Comment or close the issue

Average age: 750.1d, Avg wait: 590.8d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
262 [DOCS]: Add info on how to customize kind CertManager when using OperatorHub method on Openshift
2y 2y 2y
kind/feature
priority/important-soon
author-last
commented
recv
recv-q

Features that have not been commented on within 90 days (4)

Resolution: Comment or close the issue

Average age: 759.9d, Avg wait: 147.7d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
4349 allowing greater configuration for the cloud provider tests
1y 3mo 3mo
lifecycle/frozen
kind/feature
collaborator-last
commented
send
2178 Handling 'unregistering' certificates from Venafi TPP
11
2y 7mo 2y
lifecycle/frozen
kind/feature
priority/important-longterm
area/venafi
commented
recv-q
send
262 [DOCS]: Add info on how to customize kind CertManager when using OperatorHub method on Openshift
2y 2y 2y
kind/feature
priority/important-soon
author-last
commented
recv
recv-q
155 Add 'unreleased version' & 'old version' warning banner to non-latest versions of docs 2y 2y 2y
kind/feature
priority/backlog
collaborator-last
commented
send

Bugs that deserve a follow-up comment (8)

Resolution: Comment or close the issue

Average age: 162.5d, Avg wait: 87.7d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
5210 Use instrumentedclient when performing credential verifications for Venafi client
2mo 2mo 2mo
kind/bug
pr-closed
recv
5171 TPP Allowed Domains can cause valid certificate to error 2mo 2mo 2mo
kind/bug
area/venafi
recv
5134 Letsencrypt acme cert challenges no longer working on AKS (nginx-ingress + cert-manager + clusterissuer + letsencrypt)
2
2mo 2mo 2mo
kind/bug
recv
5132 HTTP01 - Did not get expected response when querying endpoint, expected X, but got X 2mo 2mo 2mo
kind/bug
recv
5120 Too many pending authorizations - On Certificate Orders 3mo 2mo 3mo
kind/bug
author-last
commented
recv
5042 propagation check failed: DNS record for xxx not yet propagated
2
4mo 2mo 4mo
kind/bug
recv
recv-q
similar
4685 Unexpected EOF during watch stream event decoding: unexpected EOF
7mo 3mo 7mo
lifecycle/frozen
kind/bug
contributor-last
recv
recv-q
3719 DNS-01 broken scenario (GCP Cloud DNS) 1y 2mo 1y
kind/bug
author-last
recv

Bugs that have not been commented on within 60 days (17)

Resolution: Comment or close the issue

Average age: 225.4d, Avg wait: 41.2d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
5193 Stuck on "propagation check failed"
2mo 2mo 2mo
kind/bug
area/acme
collaborator-last
commented
pr-merged
send
similar
5173 Unable to create certificate with cert-manager v1.7.1 using Traefik 2.6.3 2mo 2mo 2mo
kind/bug
triage/needs-information
area/acme/http01
collaborator-last
commented
send
5150 cert-manager-cainjector not work 2mo 2mo 2mo
kind/bug
collaborator-last
commented
send
5137 Slow healthz and livez endpoints cause liveness and readiness probe failures 2mo 2mo 2mo
kind/bug
priority/important-soon
collaborator-last
commented
open-milestone
send
4980 Waiting for DNS-01 challenge propagation: dial tcp 173.245.59.41:53: connect: connection refused 4mo 2mo 4mo
kind/bug
commented
recv-q
send
similar
3896 Cert Manager failing to renew certificate
17
1y 2mo 10mo
kind/bug
commented
recv-q
send
similar
2882 Reuse / recovery of ExternalAccountBinding based account
3
6
30
2y 2mo 2y
kind/bug
priority/important-soon
area/acme
triage/needs-information
commented
pr-closed
recv-q
send
802 Spelling errors are unclear in pull request CI results and spell checker is unmaintained
6mo 6mo
kind/bug
contributor-last
pr-merged
422 Page last modified date incorrect 2y 2y 2y
kind/bug
collaborator-last
commented
send
8 previously listed items omitted: #5210 #5171 #5134 #5132 #5120 #5042 #4685 #3719

Items that deserve a follow-up comment (41)

Resolution: Comment or close the issue

Average age: 323.6d, Avg wait: 300.5d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
5211 Question about tolerations 2mo 2mo 2mo
recv
5156 Issued certificate having more validity period than root certificates. 2mo 2mo 2mo
recv
4918 Leader election timeout (?) causes exit
5mo 2mo 3mo
priority/important-longterm
commented
recv
recv-q
4216 Error getting keypair for CA issuer: error parsing ecdsa private key: x509: failed to parse EC private key: asn1: structure error: length too large 1y 1y 1y
recv
3592 Ability to not create ca.crt
2
2y 2mo 2y
author-last
commented
recv
1006 Use descriptive text instead of alt for `feature icon` 2mo 2mo 2mo
recv
1001 Document a policy for required CI health before we can release 2mo 2mo 2mo
recv
998 Documentation venafi configuration references venafi documentation page which returns 403 2mo 2mo 2mo
recv
993 Document which resources do/do not get garbage collected 2mo 2mo 2mo
good first issue
contributor-last
recv
988 Document how feature gated fields can be added to API 2mo 2mo 2mo
recv
944 Document how to install cert-manager in a different namespace
2
3mo 2mo 3mo
good first issue
assigned
assignee-updated
contributor-last
recv
recv-q
931 Improve upgrade instructions using helm
3mo 3mo 3mo
recv
923 GSoD2022: Improve the navigation and structure of the cert-manager website 3mo 3mo 3mo
assigned
contributor-last
recv
similar
899 Upgrading from v1.7 to v1.8 check command should exclude null.
2
4mo 3mo 4mo
recv
recv-q
868 Document RBAC 4mo 4mo 4mo
contributor-last
recv
similar
866 Securing NGINX-ingress 4mo 4mo 4mo
recv
similar
850 Document available cert-manager Prometheus metrics 6mo 3mo 6mo
documentation
good first issue
priority/important-longterm
contributor-last
recv
847 missing documentation/information olm based installation metric prometheus 6mo 6mo 6mo
contributor-last
recv
841 remove dependency on golang from cmctl and kubectl-plugin installation documentation
6mo 6mo 6mo
contributor-last
pr-merged
recv
recv-q
836 Syncing Secrets Across Namespaces
6mo 4mo 6mo
recv
758 API reference docs: enum values not documented with typedef 9mo 9mo 9mo
recv
746 Enable Dark mode in the docs website 9mo 9mo 9mo
recv
709 Update Securing NGINX-ingress tutorial for apiVersion networking.k8s.io/v1
10mo 9mo 10mo
good first issue
priority/important-soon
recv
706 Default key usages 10mo 10mo 10mo
recv
697 [IRSA] Needs `runAsUser: 1001` 11mo 11mo 11mo
recv
672 List required Google CloudDNS permissions exhaustively 1y 1y 1y
recv
662 Using "azureDNS" for the DNS01 Solver results "Multiple user assigned identities exist, please specify the clientId / resourceId"
1y 1y 1y
recv
645 Investigate & add an FAQ/warning about images rolled back after GitOps upgrade 1y 6mo 1y
recv
recv-q
604 Make it so that it is easier to find the doc for fixing webhook issues 1y 3mo 1y
contributor-last
recv
568 Add a diagram for LetsEncrypt cert issuance flow to the docs
4
1y 1y 1y
recv
561 Certificate Resources 1y 1y 1y
recv
similar
554 HTTP Validation, privateKeySecretRef 1y 1y 1y
contributor-last
recv
551 Documentation on how to handle large-scale certificate management & best practices
2
1y 8mo 1y
help wanted
priority/important-longterm
kind/documentation
contributor-last
recv
484 Please add anchor tags to your subheadings
1y 1y 1y
priority/backlog
kind/documentation
commented
contributor-last
pr-merged
recv
469 DNS01: Delegated Domains for DNS01 example yaml solvers list items 1y 1y 1y
recv
466 installation/compatiblity 1y 1y 1y
recv
457 cainjector docs are missing the option to inject certs in apiservice resources
1y 1y 1y
recv
454 Cluster Resource Namespace 1y 1y 1y
recv
354 DigitalOcean access-token should not be base64-encoded 2y 2y 2y
priority/awaiting-more-evidence
author-last
commented
recv
76 Upgrading from v0.10 to v0.11 - missing cainjector annotation 2y 2y 2y
priority/backlog
kind/documentation
contributor-last
recv
56 Route53: document use of "region" field 2y 1y 2y
documentation
priority/important-longterm
contributor-last
recv
recv-q

Items that have not been commented on within 60 days (82)

Resolution: Comment or close the issue

Average age: 506.6d, Avg wait: 141.8d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
1168 docs: Add info about client side certificate rotation best practices.
21
3y 2y 2y
help wanted
lifecycle/frozen
kind/documentation
priority/backlog
collaborator-last
commented
pr-closed
send
981 The `kubectl operator install` instructions are broken (after upgrading kubectl operator v0.3.0 -> v0.4.0) 3mo 3mo 3mo
commented
member-last
975 Some pages do not make it clear what the user should read next 3mo 3mo
974 Investigate styled 404 page 3mo 3mo
955 Document when the vault pki role required setting `require_cn=false` 3mo 3mo
936 Review public envvars for site 3mo 3mo 3mo
commented
member-last
922 GSoD2022: Dashamir Hoxha 3mo 3mo 3mo
assigned
assignee-updated
commented
member-last
send
921 GSoD2022: Improve the Navigation and Structure of the cert-manager Website by Mehak 3mo 3mo 3mo
assigned
assignee-updated
commented
member-last
send
similar
844 Document feature gates 6mo 6mo
similar
776 Explain that you can pre-provision a Secret and Certificate.Spec.SecretName can refer to an existing Secret 8mo 8mo 8mo
commented
member-last
send
753 Route53 - AWS IAM Account Setup is confusing
9mo 3mo 3mo
priority/backlog
commented
member-last
send
693 Azure DNS pod identity incorrectly documents principal_id 11mo 11mo 11mo
commented
member-last
send
642 Move/ link to Webhook debugging docs 1y 1y
similar
549 Effort towards a more user-friendly website 1y 1y
543 Add getting started documentation for users who want to quickly use cert-manager to issue LetsEncrypt certificates
4
1y 1y 1y
commented
member-last
send
542 Document the Istio VirtualService HTTP01 configuration options 1y 1y
532 Rework of the landing page (cert-manager.io)
3
1y 8mo 1y
help wanted
good first issue
commented
member-last
send
486 OpenShift - broken link
1y 1y 1y
commented
member-last
send
459 cert manager is no longer on the OpenShift operator list 1y 3mo 1y
priority/awaiting-more-evidence
assigned
assignee-updated
commented
contributor-last
recv-q
send
426 Create a sequence diagram that shows how a certificate gets issued with let's encrypt
2
2y 1y 1y
commented
member-last
pr-merged
425 Document ocspServers 2y 2y 2y
kind/documentation
commented
member-last
414 Explain cert-manager repo structure
2
2y 2y 2y
priority/backlog
kind/documentation
assigned
assignee-updated
commented
member-last
pr-closed
pr-merged
send
401 Bring tutorials up to date 2y 2y
priority/important-longterm
386 Uninstalling on Kubernetes - How to delete all those user created resources? 2y 2y 2y
collaborator-last
commented
send
344 Add docs to explain webhooks 2y 1y
help wanted
good first issue
priority/important-longterm
contributor-last
330 Case for CertificatePrivateKey (encoding, algorithm) is wrong (v1) 2y 2y 2y
collaborator-last
commented
send
326 Securing Ingresses with Venafi 2y 2y 2y
collaborator-last
commented
send
similar
320 Document how to install cert-manager using gitops and known issues with particular gitops implementations
3
2y 1y 2y
documentation
priority/important-soon
commented
contributor-last
295 Route53 2y 2y 2y
kind/documentation
commented
member-last
send
237 docs for ACMEChallengeSolverHTTP01Ingress doesn't specify what `class` values are available
2y 2y 2y
priority/backlog
kind/documentation
collaborator-last
commented
pr-closed
send
234 Backup and Restore Resources
3
2y 2y 2y
priority/backlog
kind/documentation
commented
member-last
pr-merged
send
232 Document keystored in usage/certificate 2y 2y
priority/backlog
kind/documentation
contributor-last
229 Documenting resolution for DigitalOcean + HTTP01 "connection timed out" error 2y 2y
priority/important-soon
kind/documentation
contributor-last
228 Documentation needs correction for external-account-bindings
2y 2y
good first issue
priority/backlog
kind/documentation
pr-merged
223 Document wildcard certificate tutorial 2y 2y 2y
priority/important-longterm
kind/documentation
commented
contributor-last
send
198 Document release process 2y 2y 2y
priority/important-soon
kind/documentation
assigned
commented
member-last
send
197 Document ACME account mismatch 2y 2y 2y
good first issue
priority/backlog
kind/documentation
collaborator-last
commented
195 Document keystores 2y 1y 2y
priority/important-soon
kind/documentation
commented
member-last
send
178 Order of versions of cert-manager in menu 2y 2y 2y
priority/important-longterm
kind/documentation
commented
contributor-last
send
174 Add documentation for CRD conversion webhook ca injection 2y 2y 2y
help wanted
priority/important-soon
kind/documentation
commented
member-last
send
154 Documenting repo management process 2y 2y 2y
priority/important-longterm
kind/documentation
commented
contributor-last
send
144 Improve webhook debugging info
2y 1y 2y
priority/important-soon
kind/documentation
commented
member-last
pr-merged
send
similar
130 FAQ: How does cert-manager handle ingresses with valid TLS secrets? 2y 2y 2y
help wanted
priority/backlog
kind/documentation
commented
contributor-last
send
90 Document Certificate Subject Changes 2y 2y 2y
help wanted
good first issue
priority/important-soon
collaborator-last
commented
69 SelfSignedIssuer configuration - API reference docs 2y 2y 2y
help wanted
good first issue
priority/important-soon
kind/documentation
commented
member-last
send
50 Move cert-manager-release infrastructure to CNCF's GCP account
10mo 7mo 7mo
commented
member-last
42 Publish latest release number as part of creating a final release
11mo 11mo 11mo
commented
member-last
send
31 Move the manual steps of our release process to cmrel commands
1y 11mo 11mo
commented
member-last
pr-closed
27 Create cert-manager specific testing infrastructure
1y 10mo 10mo
assigned
assignee-updated
commented
member-last
pr-merged
send
19 Incorrect command line help: should include a --branch argument 2y 2y 2y
kind/cleanup
commented
contributor-last
2 Set up periodic job to publish an experimental release build
2y 1y
priority/backlog
assigned
contributor-last
31 previously listed items omitted
Triage Party v1.3.0