Once every quarter, look for stale issues, reprioritize, and de-duplicate.

Issues nearing expiration (1)

Resolution: Close or label as frozen

Average age: 594.1d, Avg wait: 590.2d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
2446 Support enforcing DNS name constraints in CA Issuer type
2y 1y 2y
area/ca
kind/feature
lifecycle/stale
priority/backlog
commented
recv

Features that deserve a follow-up comment (23)

Resolution: Comment or close the issue

Average age: 351.4d, Avg wait: 302.0d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
3909 Make wait time configurable when creating route53 challenge
2
3mo 3mo 3mo
area/acme/dns01
kind/feature
priority/important-longterm
recv
3898 Allow setting PodDisruptionBudget policies via helm chart 3mo 3mo 3mo
area/deploy
kind/feature
priority/important-longterm
pr-new-commits
recv
3825 restoring parallel setup behaviour for e2e tests 3mo 3mo 3mo
good first issue
help wanted
kind/feature
priority/important-longterm
recv
3747 Certificate issuerRef should be optional 4mo 4mo 4mo
kind/feature
recv
3711 Export issued cert into AWS ACM
3
4mo 3mo 4mo
kind/feature
priority/backlog
recv
3681 When using a keystore.jks in secret, how can I specify a name for the alias 5mo 5mo 5mo
kind/feature
recv
3677 Provide configuration for delayed certificate update after creation 5mo 5mo 5mo
kind/feature
recv
3617 Manage etcd, apiserver, controller-manager, scheduler, proxy, kubelet certificates 5mo 5mo 5mo
kind/feature
recv
3509 Provide a separate manifest for the cert-manager Namespace resource 7mo 5mo 7mo
kind/feature
priority/important-longterm
recv
3342 Add PrometheusRule
9mo 9mo 9mo
area/deploy
good first issue
help wanted
kind/feature
priority/backlog
assigned
assignee-updated
commented
pr-reviewed-with-comment
recv
3194 Ability to specify utilizing Ambient Credentials for Vault Auth Block
11mo 11mo 11mo
kind/feature
recv
3181 as a user, I don't known that ACME HTTP01 solvers cannot be used for wildcard certs
2
11mo 11mo 11mo
area/acme
kind/feature
priority/important-longterm
author-last
commented
recv
2943 Allow to configure the name of the keystore file 1y 1y 1y
kind/feature
priority/awaiting-more-evidence
author-last
commented
recv
2941 Detect multiple certs pointed to the same secret
2
1y 11mo 1y
area/monitoring
kind/feature
priority/important-longterm
contributor-last
recv
2926 Add an ability to communicate with Vault via mTLS 1y 1y 1y
area/vault
kind/feature
priority/important-longterm
recv
2894 Add configuration for what SANs are allowed based on namespace 1y 1y 1y
kind/feature
priority/important-longterm
author-last
commented
recv
2768 Pass only role name and not full ARN for kube2iam
1y 1y 1y
area/acme/dns01
kind/feature
priority/awaiting-more-evidence
commented
contributor-last
recv
recv-q
2727 Add per-domain ACME metrics for requests 1y 1y 1y
area/monitoring
kind/feature
priority/awaiting-more-evidence
commented
contributor-last
recv
recv-q
2507 Allow upload of external certificates. 2y 1y 1y
area/api
kind/feature
priority/awaiting-more-evidence
author-last
commented
recv
2446 Support enforcing DNS name constraints in CA Issuer type
2y 1y 2y
area/ca
kind/feature
lifecycle/stale
priority/backlog
commented
recv
2332 Private ACME authority aka custom root certificate for ACME
7
2y 4mo 1y
area/acme
good first issue
help wanted
kind/feature
priority/backlog
commented
recv
recv-q
1282 Option to specify x509 extensions on certificates
7
2y 1y 2y
area/api
help wanted
kind/feature
priority/backlog
commented
recv
recv-q
262 [DOCS]: Add info on how to customize kind CertManager when using OperatorHub method on Openshift
1y 6mo 1y
kind/feature
priority/important-soon
author-last
commented
recv
recv-q

Features that have not been commented on within 90 days (98)

Resolution: Comment or close the issue

Average age: 387.6d, Avg wait: 70.9d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
3920 Support gateway-api HTTPRoute for HTTP01 solving 3mo 3mo 3mo
help wanted
kind/feature
priority/backlog
collaborator-last
commented
send
similar
3904 Akamai Fast DNS should use V2 API and rename to Edge DNS
3mo 3mo 3mo
area/acme/dns01
kind/bug
kind/feature
priority/important-soon
assigned
assignee-updated
collaborator-last
commented
send
3888 Create process for cert-manager distributors to get advance embargoed security notices 3mo 3mo
kind/feature
priority/backlog
3852 Be able to specify a serviceAccount for the HTTP01 ACME solver pod
3mo 3mo 3mo
kind/feature
priority/important-soon
collaborator-last
commented
pr-closed
send
similar
3814 Can `cert-manager.io/cluster-issuer: nameOfClusterIssuer` annotation be made to work on a namespace? 4mo 3mo 3mo
area/api
area/ingress-shim
kind/feature
priority/awaiting-more-evidence
collaborator-last
commented
send
similar
3804 support building for and from ARM
2
5
4mo 3mo 3mo
kind/feature
priority/important-longterm
collaborator-last
commented
pr-merged
pr-unreviewed
send
3801 Allow defining prime time windows where we don't want certificate renewal getting triggered
4mo 3mo 3mo
kind/feature
priority/important-longterm
commented
member-last
send
3799 keystores generation when securing ingress
2
2
4mo 3mo 3mo
kind/feature
priority/backlog
collaborator-last
commented
send
3761 Document a security issue reporting, response, and distribution process
2
5
4mo 3mo 3mo
kind/documentation
kind/feature
priority/important-soon
assigned
assignee-updated
collaborator-last
commented
pr-merged
send
3751 Cert-Manager doesn't proxying custom annotations from Ingress
4mo 3mo 3mo
area/ingress-shim
kind/feature
priority/backlog
collaborator-last
commented
pr-unreviewed
send
similar
3720 Feature Request: Multi-cloud testing 4mo 4mo 4mo
help wanted
kind/feature
priority/backlog
commented
member-last
3654 Create a Docker image with release dependencies/commands 5mo 5mo
kind/feature
priority/important-longterm
3612 CLI tool should have a dedicated backup and restore subcomand 5mo 5mo 5mo
area/ctl
kind/feature
priority/important-soon
commented
member-last
send
3606 Provide windows images for all components
6mo 3mo 3mo
kind/feature
priority/backlog
commented
member-last
pr-reviewed-with-comment
send
3602 Make it easy to run the issuer conformance tests for any external issuer
6mo 3mo 3mo
kind/feature
priority/backlog
commented
member-last
pr-merged
send
3586 inspect secret in cert-manager certificate definition
6mo 3mo 3mo
kind/feature
priority/backlog
commented
member-last
pr-merged
send
3576 Cert-manager does not respect TTL
2
6mo 6mo 6mo
area/acme
area/acme/dns01
kind/feature
priority/important-soon
collaborator-last
commented
send
3568 Feature: ACME Route53 credentials both in secret resource 6mo 3mo 3mo
kind/feature
priority/important-longterm
collaborator-last
commented
send
3549 Ingress that set ".../ingress.allow-http: false" hang forever with no messages 6mo 5mo 5mo
good first issue
help wanted
kind/feature
priority/backlog
collaborator-last
commented
send
3521 Integration with ExternalDNS
6
7mo 5mo 7mo
help wanted
kind/feature
priority/important-longterm
commented
send
3473 Draft a design for handling identity, policy, and certificates.k8s.io adoption 8mo 5mo 8mo
kind/feature
priority/important-soon
assigned
assignee-updated
collaborator-last
commented
pr-merged
pr-new-commits
pr-reviewed-with-comment
send
3468 Multiple PrivateKeyEntry in keystore ? 8mo 5mo 5mo
area/api
kind/feature
priority/backlog
collaborator-last
commented
send
3462 Store older versions of certificate secrets 8mo 5mo 5mo
help wanted
kind/feature
priority/backlog
collaborator-last
commented
send
similar
3437 DNS-01 webhook improvements 8mo 5mo
Epic
kind/feature
priority/backlog
open-milestone
pr-unreviewed
recv-q
3371 Make deployment matchLabels configurable
9mo 5mo 9mo
kind/feature
priority/important-soon
collaborator-last
commented
pr-closed
send
3366 Export certificate controller sync call duration metrics
9mo 9mo 9mo
kind/feature
priority/important-longterm
collaborator-last
commented
send
3298 Let's encrypt certificate caching to mitigate rate limits problems
2
2
10mo 3mo 3mo
help wanted
kind/feature
priority/backlog
collaborator-last
commented
send
3291 GitOps based e2e tests 10mo 8mo
area/testing
kind/feature
priority/important-longterm
open-milestone
3284 Support for deploying one or more issuers from helm chart 10mo 5mo 10mo
kind/feature
commented
send
3259 Export controller processing errors counter
7
10mo 5mo 5mo
kind/feature
priority/important-longterm
commented
member-last
send
3231 Reconnect transparently when kubernetes master unavailable 11mo 5mo 5mo
kind/feature
priority/backlog
commented
member-last
send
3188 Add API compatibility tests
11mo 5mo 5mo
area/api
kind/feature
priority/important-soon
assigned
assignee-updated
commented
member-last
open-milestone
send
3149 Improve documentation of union types in the API
11mo 5mo 9mo
kind/documentation
kind/feature
priority/important-longterm
collaborator-last
commented
open-milestone
pr-merged
send
3145 Ctl command status certificate: Output info about completed CRs 11mo 8mo 8mo
area/ctl
kind/feature
priority/important-soon
collaborator-last
commented
send
3122 ACME Revoke CLI
1y 11mo 11mo
area/acme
area/ctl
kind/feature
priority/backlog
collaborator-last
commented
3084 Allow AccountID to be specified for Route53 (Cross-Account with AWS GovCloud and Normal)
1y 11mo 11mo
area/acme/dns01
kind/feature
priority/backlog
commented
member-last
send
3074 Support async issuer design
1y 5mo 5mo
kind/feature
priority/backlog
commented
member-last
open-milestone
pr-merged
send
3072 How to run coverage test? 1y 11mo 11mo
area/testing
kind/feature
priority/backlog
commented
member-last
send
3009 Using workload identity instead of exporting service account keys on GKE
4
30
1y 4mo 11mo
help wanted
kind/feature
priority/important-longterm
commented
recv-q
send
2998 Challenge failure metrics 1y 11mo 11mo
area/acme
kind/feature
priority/important-longterm
collaborator-last
commented
send
2988 vault: allowing asynchronous issuance of certificates 1y 11mo
area/vault
kind/feature
priority/important-soon
2891 [feature - helm chart] Auto document the Parameters table using helm-docs
1y 4mo 4mo
area/deploy
good first issue
help wanted
kind/feature
priority/backlog
assigned
assignee-updated
commented
member-last
pr-new-commits
pr-reviewed-with-comment
send
2883 Deploy cert-manager-webook to restrictive PSPs
1y 1y 1y
area/deploy
area/webhook
kind/feature
priority/awaiting-more-evidence
collaborator-last
commented
pr-closed
send
2805 Enrollment over Secure Transport (EST)
7
1y 1y 1y
area/api
help wanted
kind/feature
priority/backlog
collaborator-last
commented
send
2779 Support AWS Session Tokens
1y 1y 1y
area/acme/dns01
help wanted
kind/feature
priority/important-longterm
collaborator-last
commented
send
2764 ECDSA-certificates through ingress-shim?
6
1y 8mo 8mo
area/ingress-shim
good first issue
help wanted
kind/feature
priority/backlog
collaborator-last
commented
send
2763 Creating ingress-shim equivalent for Istio gateway resources 1y 3mo 10mo
area/ingress-shim
good first issue
kind/design
kind/feature
priority/backlog
commented
recv-q
send
2760 Filter domains 1y 1y 1y
area/api
kind/feature
priority/awaiting-more-evidence
collaborator-last
commented
send
2722 Inject CA certificate into Secrets with cainjector
8
1y 5mo 9mo
kind/feature
priority/awaiting-more-evidence
commented
recv-q
send
similar
2695 Kubelet TLS using external signerName controllers 1y 1y 1y
Epic
kind/feature
priority/important-longterm
assigned
assignee-updated
collaborator-last
commented
send
2619 [Feature] RFC6712 Certificate Management Protocol (CMP) Proxy support for cert-manager webhook.
3
1y 1y 1y
help wanted
kind/feature
priority/backlog
collaborator-last
commented
send
2617 release-tars: allow plumbing through custom registry through to Helm chart & manifests 1y 1y
area/deploy
kind/feature
priority/important-longterm
2605 No flag to set structured logging output, e.g. JSON?
16
1y 10mo 10mo
help wanted
kind/feature
priority/backlog
collaborator-last
commented
send
2579 Support ingressNamespace for HTTP01 Challenges on ClusterIssuers
1y 1y 1y
area/acme/http01
area/api
kind/feature
priority/backlog
assigned
assignee-updated
collaborator-last
commented
pr-closed
send
2576 Support adding custom annotations to generated secret
6
42
1y 3mo 1y
kind/feature
priority/backlog
commented
contributor-last
pr-new-commits
recv-q
send
2572 OpenAPI based field defaulting 1y 1y 1y
area/api
kind/feature
priority/important-longterm
collaborator-last
commented
send
2538 cert-manager does not use ingress.class from Ingress annotated with cert-manager.io/cluster-issuer
43
2y 5mo 1y
area/api
kind/feature
priority/backlog
commented
recv-q
send
similar
2522 Way to put cert secret to custom namespace
3
2y 4mo 2y
area/api
kind/feature
priority/awaiting-more-evidence
commented
pr-closed
recv-q
send
2488 Signed images 2y 1y 1y
area/deploy
kind/feature
priority/important-longterm
collaborator-last
commented
send
2480 Impliment OpenStack Designate as a DNS01 Challenge Provider
9
2y 1y 1y
area/acme/dns01
help wanted
kind/feature
priority/backlog
commented
pr-closed
send
2479 Allow CA issuers to generate their own secrets
5
2y 1y 1y
area/ca
kind/feature
priority/important-longterm
collaborator-last
commented
send
2454 RBAC rule for showing running cert-manager in a single namespaces 2y 1y
area/deploy
kind/feature
priority/important-longterm
2431 Limit the namespaces in which ca-acme-http-solver pod is created. 2y 1y 1y
area/acme
kind/feature
priority/backlog
collaborator-last
commented
send
2429 No imagePullSecret can be set for acme-http01-solver-image to use a private container registry
2y 1y 1y
area/deploy
help wanted
kind/feature
priority/backlog
collaborator-last
commented
send
2377 Istio Node Agent Integration 2y 1y 2y
kind/feature
priority/important-longterm
commented
recv-q
send
2345 Service Account authentication to Vault
6
2y 1y 1y
area/vault
help wanted
kind/feature
lifecycle/active
priority/backlog
collaborator-last
commented
open-milestone
send
2321 Expose more information about certificates in Status 2y 5mo 5mo
kind/feature
priority/important-longterm
commented
member-last
open-milestone
send
2243 Add a per-Certificate rate limit to the number of CertificateRequests created
2y 1y 2y
area/api
kind/feature
priority/important-longterm
commented
2178 Handling 'unregistering' certificates from Venafi TPP
2
2y 7mo 7mo
area/venafi
kind/feature
lifecycle/frozen
priority/important-longterm
collaborator-last
commented
send
2140 Decoupling ACME DNS01 webhooks from Kubernetes apimachinery
2y 10mo 1y
area/acme
area/api
help wanted
kind/feature
priority/awaiting-more-evidence
commented
contributor-last
pr-closed
2043 Extend end-to-end suite to record total ACME client request count 2y 1y
area/testing
kind/feature
priority/important-longterm
open-milestone
2037 Accept both HTTP and HTTPS requests in acmesolver's listener
7
2y 5mo 5mo
area/acme
area/acme/http01
good first issue
help wanted
kind/feature
priority/backlog
triage/needs-information
assigned
assignee-updated
collaborator-last
commented
send
1064 Support for OpenShift `route` object
21
2y 1y 2y
help wanted
kind/design
kind/feature
priority/backlog
commented
pr-closed
recv-q
send
843 Allowing alternative Secret output formats (e.g. single .pem file priv/cert output)
58
2y 5mo 9mo
area/api
help wanted
kind/design
kind/feature
lifecycle/frozen
priority/backlog
commented
open-milestone
pr-closed
pr-merged
send
155 Add 'unreleased version' & 'old version' warning banner to non-latest versions of docs 1y 11mo 11mo
kind/feature
priority/backlog
collaborator-last
commented
send
23 previously listed items omitted

Bugs that deserve a follow-up comment (33)

Resolution: Comment or close the issue

Average age: 200.9d, Avg wait: 177.0d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
4003 Accepting challenge authorization failed 2mo 2mo 2mo
area/acme/http01
kind/bug
recv
3977 cert-manager-webhook Firewalld Issues 2mo 2mo 2mo
kind/bug
author-last
recv
recv-q
3968 acme http01: 504 Gateway Time-out 2mo 2mo 2mo
area/acme/http01
kind/bug
recv
3967 Does the certificate chain include a root CA certificate by default? 2mo 2mo 2mo
area/venafi
kind/bug
recv
3941 Certificate renewal get stuck if Vault becomes temporarily inaccessible during the the time of renewal.
2mo 2mo 2mo
kind/bug
recv
3910 ACME Certificate in "False" state even when order and certificaterequest are completed 3mo 3mo 3mo
kind/bug
author-last
recv
3810 Certificates stuck issuing and unready after cert-manager restart 4mo 3mo 3mo
kind/bug
priority/important-soon
author-last
commented
recv
similar
3755 Letsencrypt challenges missing nginx ingress and flooding apache logs 4mo 3mo 3mo
kind/bug
triage/support
author-last
commented
recv
3743 Excessive DNS caching for DNS verification
4mo 4mo 4mo
kind/bug
recv
3723 Order stays in an unknown state indefinitely for a particular ingress 4mo 4mo 4mo
kind/bug
recv
3719 DNS-01 broken scenario (GCP Cloud DNS) 4mo 3mo 4mo
kind/bug
author-last
recv
3715 kube-dns not used for DNS01 challenges 4mo 4mo 4mo
kind/bug
author-last
recv
3691 no_proxy settings not honored helm/kubernetes/vault 5mo 5mo 5mo
kind/bug
recv
3690 renewal stucks and output suspicious logs periodically
5mo 5mo 5mo
kind/bug
author-last
recv
3668 Secure Istio Gateway in Kubernetes using cert-manager. 5mo 5mo 5mo
kind/bug
author-last
recv
3659 custom DNS01 test fails when secondary nameserver is unresponsive 5mo 5mo 5mo
kind/bug
author-last
recv
3653 install cert-manager: Readiness probe failed: HTTP probe failed with statuscode: 500 5mo 2mo 5mo
kind/bug
triage/support
recv
3651 Document how to set Issuer and Subject for self-signed certificates
2
5mo 5mo 5mo
kind/bug
recv
similar
3649 Challenge & secret sometimes not getting created for route53 issuer 5mo 5mo 5mo
kind/bug
recv
3611 Order expires on renew
5mo 5mo 5mo
kind/bug
triage/needs-information
author-last
commented
recv
3608 Unable to renew certificate for some cert hosts with propagation check failed
6mo 5mo 6mo
kind/bug
recv
recv-q
3565 requestmanager_controller got stuck in a loop and stopped generating new certificates afterward
6mo 3mo 6mo
kind/bug
recv
recv-q
3553 ExperimentalCertificateControllers feature gate not available in v1.1 6mo 6mo 6mo
kind/bug
recv
3534 cert-manager tries to follow CNAME while "cnameStrategy" is set to "None" 7mo 5mo 5mo
kind/bug
triage/needs-information
author-last
commented
recv
3484 Ingress annotations with external issuer end up in eternal loop - smallstep 7mo 5mo 7mo
kind/bug
author-last
commented
recv
recv-q
3481 cert-manager stops reconciling certificate expiries
2
4
8mo 5mo 8mo
kind/bug
author-last
commented
recv
recv-q
3448 Self-signed certificate has ready-state: true 8mo 8mo 8mo
kind/bug
recv
3377 CertManager does not install with default settings
4
9mo 5mo 9mo
kind/bug
priority/important-soon
recv
recv-q
3020 Ability to convert resources in acme.cert-manager.io group 1y 1y 1y
kind/bug
priority/important-soon
recv
2968 [Google: clouddns]Selected a private zone
1y 11mo 1y
area/acme/dns01
kind/bug
priority/important-longterm
commented
contributor-last
pr-merged
recv
2902 Cannot decrypt PKCS12 keystore
3
1y 1y 1y
kind/bug
priority/important-soon
author-last
commented
recv
recv-q
2899 CA-injector doc updates( was Webhook patching infinite loop)
1y 1y 1y
area/cainjector
kind/bug
priority/awaiting-more-evidence
author-last
commented
recv
recv-q
2875 Error getting hosted zone name ... for ClusterIssuer without hostedZoneName defined.
3
1y 3mo 1y
area/acme/dns01
help wanted
kind/bug
priority/backlog
author-last
commented
recv

Bugs that have not been commented on within 60 days (85)

Resolution: Comment or close the issue

Average age: 253.0d, Avg wait: 68.7d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
4047 Flaky test: //test/integration/certificates 2mo 2mo
kind/bug
kind/flake
similar
4045 Flaky test: //test/integration/validation 2mo 2mo 2mo
kind/bug
kind/flake
commented
member-last
similar
4020 server side apply failed 2mo 2mo 2mo
kind/bug
priority/backlog
collaborator-last
commented
pr-unreviewed
send
4011 Memory segmentation bug when using Vault 2mo 2mo 2mo
area/vault
kind/bug
priority/important-soon
triage/needs-information
collaborator-last
commented
open-milestone
send
3991 cert-manager v1.3.1 pods crash after installation 2mo 2mo 2mo
kind/bug
triage/support
commented
recv-q
send
3976 Flaky test: //test/integration/ctl TestCtlRenew/--all-namespaces_and_-l_foo=bar_given 2mo 2mo 2mo
kind/bug
kind/flake
priority/important-longterm
collaborator-last
commented
open-milestone
send
3911 Re-enable Venafi Cloud e2e tests 3mo 3mo
area/testing
area/venafi
kind/bug
priority/important-longterm
similar
3895 Multiple CSRs posted to Venafi TPP causing errors in certificate state.
3mo 2mo 2mo
area/venafi
kind/bug
priority/important-soon
collaborator-last
commented
send
3870 Unable to Delete Challenge After Failed Uninstall 3mo 2mo 2mo
kind/bug
priority/awaiting-more-evidence
triage/support
collaborator-last
commented
send
3848 Wildcard certificates not being resolved correctly. 3mo 3mo 3mo
area/acme/dns01
kind/bug
priority/important-soon
collaborator-last
commented
send
3821 Error updating from 0.16 to 1.0 version 3mo 3mo 3mo
kind/bug
priority/awaiting-more-evidence
triage/support
collaborator-last
commented
send
3820 Controller fails to process new certs when there are a large number of pending ones 3mo 3mo 3mo
kind/bug
priority/important-soon
collaborator-last
commented
send
3767 ClusterIssuer incorrect DNS Resolution
4mo 2mo 4mo
kind/bug
priority/backlog
commented
send
3718 Multiple CertificateRequest objects for a single Certificate resource 4mo 3mo 3mo
kind/bug
priority/awaiting-more-evidence
commented
member-last
send
similar
3643 cert-manager-webhook getting deleted by garbage-collector 5mo 4mo 5mo
area/deploy
kind/bug
priority/backlog
triage/needs-information
collaborator-last
commented
send
3640 Challenge Records Not Always Cleaned Up 5mo 5mo 5mo
kind/bug
triage/needs-information
commented
member-last
send
similar
3631 JKS Password Empty
5mo 3mo 5mo
kind/bug
priority/awaiting-more-evidence
commented
send
3629 AWS Cloud Map manager Route53 zones
5mo 5mo 5mo
kind/bug
priority/important-longterm
assigned
assignee-updated
collaborator-last
commented
send
3601 Missing nodeSelector on challenge pods
4
6mo 5mo 5mo
kind/bug
triage/support
commented
member-last
pr-reviewed-with-comment
send
3588 Auth using root namespace with approle even with spec.vault.namespace set 6mo 5mo 5mo
area/vault
kind/bug
priority/important-longterm
collaborator-last
commented
send
3512 The certificates "<cert-name>" is invalid: metadata.resourceVersion: Invalid value: 0x0: must be specified for an update
7mo 3mo 3mo
area/deploy
kind/bug
priority/backlog
triage/needs-information
commented
send
3467 (Timeout): error when creating "cert-manager.yaml": 8mo 5mo 8mo
kind/bug
priority/awaiting-more-evidence
collaborator-last
commented
send
3455 updated certificate resource is not processed by cert-manager
8mo 8mo 8mo
kind/bug
priority/important-soon
collaborator-last
commented
send
similar
3450 PKCS12 updating secret reference doesn't update keystore.p12 8mo 5mo 5mo
area/api
kind/bug
priority/important-longterm
collaborator-last
commented
send
3435 Race condition while updating commonName
8mo 5mo 5mo
kind/bug
priority/important-soon
commented
member-last
send
3428 JKS and PKCS12 Keystores are inconsistent. 8mo 3mo 3mo
kind/bug
priority/important-longterm
collaborator-last
commented
send
3427 Add multiple trustedCertEntries to truststores.
8mo 8mo 8mo
kind/bug
collaborator-last
commented
send
3422 Certificate not issued - clusterissuer showing ready, whereas certificaterequest complaining issuer not ready. 9mo 2mo 3mo
kind/bug
priority/awaiting-more-evidence
commented
send
3383 Certificate API doc omits "3072" as valid RSA key size 9mo 5mo 9mo
kind/bug
priority/important-longterm
collaborator-last
commented
send
3363 Vault Issuer with Kubernetes authentication cannot be automated via Helm
9
9mo 2mo 9mo
area/vault
kind/bug
priority/important-longterm
commented
recv-q
send
similar
3294 Certificate Not Found when secret quota exceeded 10mo 10mo 10mo
kind/bug
priority/important-longterm
collaborator-last
commented
send
3283 Passing apiVersion as apiGroup should give a validation error
3
10mo 9mo 10mo
area/api
kind/bug
priority/important-longterm
commented
send
3203 X.509 Name support & invalid output w/ multiple RDNs
2
11mo 5mo 11mo
kind/bug
priority/important-longterm
collaborator-last
commented
send
3169 Contact mail management issues in ACME 11mo 11mo 11mo
area/acme
kind/bug
priority/awaiting-more-evidence
collaborator-last
commented
send
3050 Venafi issuer produces a mixture of structured and unstructured log messages from the vcert library 1y 1y 1y
area/venafi
kind/bug
priority/important-soon
collaborator-last
commented
send
3016 RFC2136 config ignores port for the nameserver. 1y 11mo 1y
area/acme/dns01
kind/bug
priority/awaiting-more-evidence
triage/needs-information
commented
contributor-last
send
3008 http01 self-check fails on GKE: propagation check failed, no such host
2
1y 11mo 11mo
kind/bug
triage/needs-information
collaborator-last
commented
send
2967 Waiting for http-01 challenge propagation: read: connection reset by peer 1y 1y 1y
kind/bug
triage/support
collaborator-last
commented
send
similar
2817 cainjector fails to start: MutatingWebhookConfiguration not found 1y 1y 1y
area/deploy
kind/bug
priority/important-longterm
commented
contributor-last
recv-q
send
2765 Recognise finalized ACME Orders and gracefully recover by updating the Order's status when they are already in a "valid" state
4
1y 5mo 1y
area/acme
kind/bug
priority/important-longterm
commented
send
2700 Use DigiCert ACME endpoint
3
1y 5mo 1y
area/acme
kind/bug
priority/awaiting-more-evidence
commented
send
2686 cert-manager-cainjector and cert-manager can not start when BoundServiceAccountTokenVolume enabled 1y 1y 1y
area/deploy
kind/bug
priority/awaiting-more-evidence
collaborator-last
commented
send
2636 Certificate stuck in issuing state
1y 1y 1y
area/api
kind/bug
priority/awaiting-more-evidence
commented
recv-q
send
similar
2565 cert-manager-cainjector Panic
2
1y 1y 1y
area/cainjector
kind/bug
priority/backlog
commented
send
2561 erratic No Key ID in JWS header
7
2y 1y 1y
area/acme
kind/bug
priority/awaiting-more-evidence
commented
contributor-last
pr-merged
send
2545 Failed to determine a valid solver configuration for the set of domains on the Order
2y 2mo 1y
kind/bug
triage/needs-information
commented
send
2491 presented key () did not match expected (XXXXXXX)
2y 1y 1y
kind/bug
triage/needs-information
collaborator-last
commented
send
2461 rfc2136 failing with bad signature error
2y 1y 1y
kind/bug
priority/important-soon
collaborator-last
commented
send
2401 cert-manager requests account immediately after looking it up by public key
2y 1y 1y
area/acme
kind/bug
priority/backlog
collaborator-last
commented
send
1888 Certificate not matching private key when creating multiple ingress resources
12
2y 3mo 3mo
area/acme
good first issue
help wanted
kind/bug
priority/important-soon
assigned
assignee-updated
collaborator-last
commented
open-milestone
send
422 Page last modified date incorrect 5mo 5mo 5mo
kind/bug
collaborator-last
commented
send
34 previously listed items omitted

Items that deserve a follow-up comment (21)

Resolution: Comment or close the issue

Average age: 203.9d, Avg wait: 193.2d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
3979 Certificates for multiple domains (Let's Encrypt) 2mo 2mo 2mo
author-last
recv
3925 Please make all configuration entries under the dns providers etc. work with valueFrom 3mo 3mo 3mo
recv
3874 Getting "Error from server: conversion webhook for acme.cert-manager.io/v1alpha2, Kind=Challenge failed: Post https://cert-manager-webhook.cert-manager.svc:443/convert?timeout=30s: service "cert-manager-webhook" not found" 3mo 2mo 3mo
recv
recv-q
similar
3660 order is showing as ready but stuck at the challenges. Not getting all the challenges. 5mo 5mo 5mo
recv
3609 oauth2: cannot fetch token: Post \https://oauth2.googleapis.com/token": x509: certificate signed by unknown authority" 5mo 5mo 5mo
recv
3599 Create certificate issue (showing in progress only) 6mo 6mo 6mo
author-last
recv
recv-q
2996 cainjector pod restart many times of V0.15.1
2
1y 11mo 1y
area/cainjector
triage/needs-information
commented
recv
recv-q
2553 Document using cert-manager resources with client-go
2y 1y 1y
area/api
good first issue
help wanted
kind/documentation
priority/backlog
commented
contributor-last
recv
568 Add a diagram for LetsEncrypt cert issuance flow to the docs
3
2mo 2mo 2mo
recv
561 Certificate Resources 2mo 2mo 2mo
recv
similar
559 Update uninstall process doc 2mo 2mo 2mo
recv
551 Documentation on how to handle large-scale certificate management & best practices
2
2mo 2mo 2mo
help wanted
kind/documentation
priority/important-longterm
contributor-last
recv
544 OpenShift 2mo 2mo 2mo
recv
similar
484 Please add anchor tags to your subheadings
4mo 3mo 4mo
kind/documentation
priority/backlog
commented
contributor-last
pr-merged
recv
469 DNS01: Delegated Domains for DNS01 example yaml solvers list items 4mo 4mo 4mo
recv
466 installation/compatiblity 4mo 4mo 4mo
recv
457 cainjector docs are missing the option to inject certs in apiservice resources
4mo 4mo 4mo
recv
454 Cluster Resource Namespace 5mo 5mo 5mo
recv
similar
354 DigitalOcean access-token should not be base64-encoded 9mo 5mo 9mo
priority/awaiting-more-evidence
author-last
commented
recv
76 Upgrading from v0.10 to v0.11 - missing cainjector annotation 2y 11mo 2y
kind/documentation
priority/backlog
contributor-last
recv
56 Route53: document use of "region" field 2y 3mo 2y
documentation
priority/important-longterm
contributor-last
recv
recv-q

Items that have not been commented on within 60 days (63)

Resolution: Comment or close the issue

Average age: 305.8d, Avg wait: 55.6d
ID Au Desc As Rea Cr Up Re Cmntrs Labels Tags
3899 Delete Venafi TPP test certs created by e2e tests 3mo 3mo
area/testing
area/venafi
kind/cleanup
priority/important-longterm
3890 support more secret type 3mo 3mo 3mo
collaborator-last
commented
send
3849 Make debugging e2e tests locally easier 3mo 3mo
area/testing
priority/backlog
3808 Supporting traefik IngressRoute objects?
2
4mo 3mo 3mo
area/ingress-shim
priority/important-longterm
collaborator-last
commented
send
3796 Intermittent E2E test failure: ERROR: 1 setup jobs failed. Check logs above for details
4mo 3mo 3mo
area/testing
good first issue
kind/flake
priority/important-soon
assigned
assignee-updated
collaborator-last
commented
pr-merged
send
3738 PKI: inject a time.Time in certificate template functions instead of using time.Now
4mo 3mo 3mo
kind/cleanup
priority/important-soon
assigned
assignee-updated
commented
member-last
pr-merged
send
3704 Document how to manually test cert-manager upgrade in release-process.md 5mo 3mo 3mo
kind/documentation
priority/important-soon
commented
member-last
open-milestone
3696 Add an integration test for Readiness controller 5mo 5mo 5mo
good first issue
kind/cleanup
priority/backlog
assigned
assignee-updated
collaborator-last
commented
pr-changes-requested
3676 Configuring LE wildcard cert on EKS w/ Route53 DNS 5mo 5mo 5mo
collaborator-last
commented
send
3674 Update helm chart location 5mo 3mo 3mo
kind/cleanup
priority/backlog
commented
member-last
3673 Create cert-manager container registry 5mo 5mo
kind/cleanup
3672 Change the package import path from jetstack/cert-manager to cert-manager/cert-manager 5mo 3mo 3mo
kind/cleanup
priority/important-soon
collaborator-last
commented
pr-unreviewed
send
3671 Transfer repository to the cert-manager organisation 5mo 5mo 5mo
kind/cleanup
commented
member-last
3670 Create testing infrastructure for the cert-manager org 5mo 3mo 3mo
kind/cleanup
priority/important-soon
assigned
assignee-updated
commented
member-last
similar
3626 Add Go package comments to all packages 5mo 3mo 3mo
kind/cleanup
kind/documentation
priority/important-soon
assigned
assignee-updated
commented
member-last
send
3592 Ability to not create ca.crt 6mo 5mo 6mo
commented
send
3555 Venafi E2E tests are all failing
6mo 5mo 5mo
area/testing
area/venafi
priority/important-soon
commented
member-last
pr-merged
3451 Move repo to cert-manager/cert-manager 8mo 3mo 5mo
Epic
priority/important-soon
assigned
assignee-updated
commented
member-last
send
3350 Venafi e2e tests: enable more features 9mo 9mo
area/venafi
kind/cleanup
priority/important-longterm
collaborator-last
similar
3067 Reviewing 'minimum certificate duration' requirements and handling
1y 9mo 11mo
area/api
priority/important-longterm
collaborator-last
commented
open-milestone
pr-closed
pr-merged
send
2985 Certificate status is false, but message is success
2
1y 11mo 11mo
kind/flake
priority/awaiting-more-evidence
collaborator-last
commented
send
2877 E2E: [Conformance] Certificates with issuer type ACME DNS01 Issuer should issue a basic, defaulted certificate for a single commonName and distinct dnsName defined by an ingress with annotations 1y 1y 1y
area/acme
kind/flake
priority/important-longterm
commented
recv-q
1686 MS Active Directory Certificate Services support
10
2y 1y 1y
good first issue
help wanted
kind/documentation
priority/backlog
collaborator-last
commented
send
similar
1168 docs: Add info about client side certificate rotation best practices.
16
2y 1y 1y
help wanted
kind/documentation
lifecycle/frozen
priority/backlog
collaborator-last
commented
pr-closed
send
459 cert manager is no longer on the OpenShift operator list 4mo 3mo 4mo
priority/important-soon
assigned
assignee-updated
commented
member-last
send
425 Document ocspServers 5mo 5mo 5mo
kind/documentation
commented
member-last
414 Explain cert-manager repo structure
2
5mo 5mo 5mo
kind/documentation
priority/backlog
assigned
assignee-updated
commented
member-last
pr-merged
pr-unreviewed
send
401 Bring tutorials up to date 6mo 5mo
priority/important-longterm
386 Uninstalling on Kubernetes - How to delete all those user created resources? 7mo 7mo 7mo
collaborator-last
commented
send
344 Add docs to explain webhooks 9mo 3mo
good first issue
help wanted
priority/important-longterm
contributor-last
330 Case for CertificatePrivateKey (encoding, algorithm) is wrong (v1) 10mo 9mo 9mo
collaborator-last
commented
send
326 Securing Ingresses with Venafi 10mo 10mo 10mo
collaborator-last
commented
send
295 Route53 11mo 5mo 5mo
kind/documentation
commented
member-last
send
237 docs for ACMEChallengeSolverHTTP01Ingress doesn't specify what `class` values are available
1y 11mo 1y
kind/documentation
priority/backlog
collaborator-last
commented
pr-reviewed-with-comment
send
234 Backup and Restore Resources
2
1y 5mo 5mo
kind/documentation
priority/backlog
commented
member-last
pr-merged
send
232 Document keystored in usage/certificate 1y 11mo
kind/documentation
priority/backlog
contributor-last
229 Documenting resolution for DigitalOcean + HTTP01 "connection timed out" error 1y 11mo
kind/documentation
priority/important-soon
contributor-last
228 Documentation needs correction for external-account-bindings
1y 11mo
good first issue
kind/documentation
priority/backlog
pr-merged
223 Document wildcard certificate tutorial 1y 11mo 1y
kind/documentation
priority/important-longterm
commented
contributor-last
send
198 Document release process 1y 11mo 11mo
kind/documentation
priority/important-soon
assigned
commented
member-last
send
197 Document ACME account mismatch 1y 11mo 11mo
good first issue
kind/documentation
priority/backlog
collaborator-last
commented
178 Order of versions of cert-manager in menu 1y 11mo 1y
kind/documentation
priority/important-longterm
commented
contributor-last
send
174 Add documentation for CRD conversion webhook ca injection 1y 11mo 11mo
help wanted
kind/documentation
priority/important-soon
commented
member-last
send
154 Documenting repo management process 1y 11mo 1y
kind/documentation
priority/important-longterm
commented
contributor-last
send
130 FAQ: How does cert-manager handle ingresses with valid TLS secrets? 1y 11mo 11mo
help wanted
kind/documentation
priority/backlog
commented
contributor-last
send
90 Document Certificate Subject Changes 2y 6mo 6mo
good first issue
help wanted
priority/important-soon
collaborator-last
commented
similar
69 SelfSignedIssuer configuration - API reference docs 2y 11mo 11mo
good first issue
help wanted
kind/documentation
priority/important-soon
commented
member-last
send
19 Incorrect command line help: should include a --branch argument 10mo 5mo 5mo
kind/cleanup
commented
contributor-last
2 Set up periodic job to publish an experimental release build
1y 3mo
priority/backlog
assigned
contributor-last
14 previously listed items omitted: #3925 #3660 #3609 #3599 #2996 #2553 #484 #469 #466 #457 #454 #354 #76 #56
Triage Party v1.3.0