cert-manager + website + release Weekly Triage

queue to be emptied once a week in a team triage meeting

Important soon, but no updates in 60 days (43)

Resolution: Downgrade to important-longterm

Average age: 282.6d, Avg wait: 33.3d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
4011		Memory segmentation bug when using Vault			2mo	2mo	2mo		area/vault kind/bug priority/important-soon triage/needs-information	collaborator-last commented open-milestone send
3904		Akamai Fast DNS should use V2 API and rename to Edge DNS			3mo	3mo	3mo		area/acme/dns01 kind/bug kind/feature priority/important-soon	assigned assignee-updated collaborator-last commented send
3895		Multiple CSRs posted to Venafi TPP causing errors in certificate state.			3mo	2mo	2mo		area/venafi kind/bug priority/important-soon	collaborator-last commented send
3868		Document Go API Compatibility (or Lack Thereof)			3mo	2mo	2mo		kind/documentation kind/feature priority/important-soon	assigned assignee-updated collaborator-last commented pr-merged
3852		Be able to specify a serviceAccount for the HTTP01 ACME solver pod Similar: #3853: Be able to specify the imagePullSecret to use for the HTTP01 ACME solver pod (open)			3mo	3mo	3mo		kind/feature priority/important-soon	collaborator-last commented pr-closed send similar
3848		Wildcard certificates not being resolved correctly.			3mo	3mo	3mo		area/acme/dns01 kind/bug priority/important-soon	collaborator-last commented send
3820		Controller fails to process new certs when there are a large number of pending ones			3mo	3mo	3mo		kind/bug priority/important-soon	collaborator-last commented send
3810		Certificates stuck issuing and unready after cert-manager restart Similar: #3312: Why does cert-manager issue fake certificates? (open) Similar: #3170: Why does cert-manager issue fake certificates? (open) Similar: #2636: Certificate stuck in issuing state (open)			4mo	3mo	3mo		kind/bug priority/important-soon	author-last commented recv similar
3796		Intermittent E2E test failure: ERROR: 1 setup jobs failed. Check logs above for details			4mo	3mo	3mo		area/testing good first issue kind/flake priority/important-soon	assigned assignee-updated collaborator-last commented pr-merged send
3766		support for "leases" for leader election			4mo	2mo	2mo		good first issue help wanted kind/feature priority/important-soon	collaborator-last commented send
3761		Document a security issue reporting, response, and distribution process		2 5	4mo	3mo	3mo		kind/documentation kind/feature priority/important-soon	assigned assignee-updated collaborator-last commented pr-merged send
3738		PKI: inject a time.Time in certificate template functions instead of using time.Now			4mo	3mo	3mo		kind/cleanup priority/important-soon	assigned assignee-updated commented member-last pr-merged send
3704		Document how to manually test cert-manager upgrade in release-process.md			5mo	3mo	3mo		kind/documentation priority/important-soon	commented member-last open-milestone
3672		Change the package import path from jetstack/cert-manager to cert-manager/cert-manager PR#3702: Update import path following repository move unreviewed			5mo	3mo	3mo		kind/cleanup priority/important-soon	collaborator-last commented pr-unreviewed send
3670		Create testing infrastructure for the cert-manager org Similar: #27: Create cert-manager specific testing / release infrastructure (open)			5mo	3mo	3mo		kind/cleanup priority/important-soon	assigned assignee-updated commented member-last similar
3626		Add Go package comments to all packages			5mo	3mo	3mo		kind/cleanup kind/documentation priority/important-soon	assigned assignee-updated commented member-last send
3612		CLI tool should have a dedicated backup and restore subcomand			5mo	5mo	5mo		area/ctl kind/feature priority/important-soon	commented member-last send
3576		Cert-manager does not respect TTL		2	6mo	6mo	6mo		area/acme area/acme/dns01 kind/feature priority/important-soon	collaborator-last commented send
3555		Venafi E2E tests are all failing			6mo	5mo	5mo		area/testing area/venafi priority/important-soon	commented member-last pr-merged
3473		Draft a design for handling identity, policy, and certificates.k8s.io adoption PR#3646: DESIGN: certificates.k8s.io Adoption new-commits PR#3727: DESIGN: Policy commented			8mo	5mo	8mo		kind/feature priority/important-soon	assigned assignee-updated collaborator-last commented pr-merged pr-new-commits pr-reviewed-with-comment send
3455		updated certificate resource is not processed by cert-manager Similar: #561: Certificate Resources (open)			8mo	8mo	8mo		kind/bug priority/important-soon	collaborator-last commented send similar
3451		Move repo to cert-manager/cert-manager			8mo	3mo	5mo		Epic priority/important-soon	assigned assignee-updated commented member-last send
3435		Race condition while updating commonName			8mo	5mo	5mo		kind/bug priority/important-soon	commented member-last send
3377		CertManager does not install with default settings		4	9mo	5mo	9mo		kind/bug priority/important-soon	recv recv-q
3371		Make deployment matchLabels configurable			9mo	5mo	9mo		kind/feature priority/important-soon	collaborator-last commented pr-closed send
3188		Add API compatibility tests			11mo	5mo	5mo		area/api kind/feature priority/important-soon	assigned assignee-updated commented member-last open-milestone send
3145		Ctl command status certificate: Output info about completed CRs			11mo	8mo	8mo		area/ctl kind/feature priority/important-soon	collaborator-last commented send
3050		Venafi issuer produces a mixture of structured and unstructured log messages from the vcert library			1y	1y	1y		area/venafi kind/bug priority/important-soon	collaborator-last commented send
3020		Ability to convert resources in acme.cert-manager.io group			1y	1y	1y		kind/bug priority/important-soon	recv
2988		vault: allowing asynchronous issuance of certificates			1y	11mo			area/vault kind/feature priority/important-soon
2902		Cannot decrypt PKCS12 keystore		3	1y	1y	1y		kind/bug priority/important-soon	author-last commented recv recv-q
2461		rfc2136 failing with bad signature error			2y	1y	1y		kind/bug priority/important-soon	collaborator-last commented send
1888		Certificate not matching private key when creating multiple ingress resources		12	2y	3mo	3mo		area/acme good first issue help wanted kind/bug priority/important-soon	assigned assignee-updated collaborator-last commented open-milestone send
459		cert manager is no longer on the OpenShift operator list			4mo	3mo	4mo		priority/important-soon	assigned assignee-updated commented member-last send
320		Document how to install cert-manager using gitops and known issues with particular gitops implementations			10mo	2mo	10mo		documentation priority/important-soon	commented contributor-last
262		[DOCS]: Add info on how to customize kind CertManager when using OperatorHub method on Openshift			1y	6mo	1y		kind/feature priority/important-soon	author-last commented recv recv-q
229		Documenting resolution for DigitalOcean + HTTP01 "connection timed out" error			1y	11mo			kind/documentation priority/important-soon	contributor-last
198		Document release process			1y	11mo	11mo		kind/documentation priority/important-soon	assigned commented member-last send
195		Document keystores			1y	2mo	11mo		kind/documentation priority/important-soon	commented member-last send
174		Add documentation for CRD conversion webhook ca injection			1y	11mo	11mo		help wanted kind/documentation priority/important-soon	commented member-last send
144		Improve webhook debugging info Similar: #642: Move/ link to Webhook debugging docs (open) Similar: #4198: Move/ link to Webhook debugging docs (closed)			1y	2mo	11mo		kind/documentation priority/important-soon	commented member-last pr-merged send similar
90		Document Certificate Subject Changes Similar: #3651: Document how to set Issuer and Subject for self-signed certificates (open) Similar: #2906: Add Subject Key Identifier to Certificate CRD (open)			2y	6mo	6mo		good first issue help wanted priority/important-soon	collaborator-last commented similar
69		SelfSignedIssuer configuration - API reference docs			2y	11mo	11mo		good first issue help wanted kind/documentation priority/important-soon	commented member-last send

Important longterm, but no updates in 120 days (42)

Resolution: Downgrade to backlog

Average age: 413.5d, Avg wait: 54.2d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
3654		Create a Docker image with release dependencies/commands			5mo	5mo			kind/feature priority/important-longterm
3629		AWS Cloud Map manager Route53 zones			5mo	5mo	5mo		kind/bug priority/important-longterm	assigned assignee-updated collaborator-last commented send
3588		Auth using root namespace with approle even with spec.vault.namespace set			6mo	5mo	5mo		area/vault kind/bug priority/important-longterm	collaborator-last commented send
3521		Integration with ExternalDNS		6	7mo	5mo	7mo		help wanted kind/feature priority/important-longterm	commented send
3509		Provide a separate manifest for the cert-manager Namespace resource			7mo	5mo	7mo		kind/feature priority/important-longterm	recv
3450		PKCS12 updating secret reference doesn't update keystore.p12			8mo	5mo	5mo		area/api kind/bug priority/important-longterm	collaborator-last commented send
3383		Certificate API doc omits "3072" as valid RSA key size			9mo	5mo	9mo		kind/bug priority/important-longterm	collaborator-last commented send
3366		Export certificate controller sync call duration metrics			9mo	9mo	9mo		kind/feature priority/important-longterm	collaborator-last commented send
3350		Venafi e2e tests: enable more features Similar: #3911: Re-enable Venafi Cloud e2e tests (open)			9mo	9mo			area/venafi kind/cleanup priority/important-longterm	collaborator-last similar
3294		Certificate Not Found when secret quota exceeded			10mo	10mo	10mo		kind/bug priority/important-longterm	collaborator-last commented send
3291		GitOps based e2e tests			10mo	8mo			area/testing kind/feature priority/important-longterm	open-milestone
3283		Passing apiVersion as apiGroup should give a validation error		3	10mo	9mo	10mo		area/api kind/bug priority/important-longterm	commented send
3259		Export controller processing errors counter		7	10mo	5mo	5mo		kind/feature priority/important-longterm	commented member-last send
3203		X.509 Name support & invalid output w/ multiple RDNs		2	11mo	5mo	11mo		kind/bug priority/important-longterm	collaborator-last commented send
3181		as a user, I don't known that ACME HTTP01 solvers cannot be used for wildcard certs		2	11mo	11mo	11mo		area/acme kind/feature priority/important-longterm	author-last commented recv
3149		Improve documentation of union types in the API			11mo	5mo	9mo		kind/documentation kind/feature priority/important-longterm	collaborator-last commented open-milestone pr-merged send
3067		Reviewing 'minimum certificate duration' requirements and handling			1y	9mo	11mo		area/api priority/important-longterm	collaborator-last commented open-milestone pr-closed pr-merged send
3009		Using workload identity instead of exporting service account keys on GKE		4 30	1y	4mo	11mo		help wanted kind/feature priority/important-longterm	commented recv-q send
2998		Challenge failure metrics			1y	11mo	11mo		area/acme kind/feature priority/important-longterm	collaborator-last commented send
2968		[Google: clouddns]Selected a private zone			1y	11mo	1y		area/acme/dns01 kind/bug priority/important-longterm	commented contributor-last pr-merged recv
2941		Detect multiple certs pointed to the same secret		2	1y	11mo	1y		area/monitoring kind/feature priority/important-longterm	contributor-last recv
2926		Add an ability to communicate with Vault via mTLS			1y	1y	1y		area/vault kind/feature priority/important-longterm	recv
2894		Add configuration for what SANs are allowed based on namespace			1y	1y	1y		kind/feature priority/important-longterm	author-last commented recv
2877		E2E: [Conformance] Certificates with issuer type ACME DNS01 Issuer should issue a basic, defaulted certificate for a single commonName and distinct dnsName defined by an ingress with annotations			1y	1y	1y		area/acme kind/flake priority/important-longterm	commented recv-q
2817		cainjector fails to start: MutatingWebhookConfiguration not found			1y	1y	1y		area/deploy kind/bug priority/important-longterm	commented contributor-last recv-q send
2779		Support AWS Session Tokens			1y	1y	1y		area/acme/dns01 help wanted kind/feature priority/important-longterm	collaborator-last commented send
2765		Recognise finalized ACME Orders and gracefully recover by updating the Order's status when they are already in a "valid" state		4	1y	5mo	1y		area/acme kind/bug priority/important-longterm	commented send
2695		Kubelet TLS using external signerName controllers			1y	1y	1y		Epic kind/feature priority/important-longterm	assigned assignee-updated collaborator-last commented send
2617		release-tars: allow plumbing through custom registry through to Helm chart & manifests			1y	1y			area/deploy kind/feature priority/important-longterm
2572		OpenAPI based field defaulting			1y	1y	1y		area/api kind/feature priority/important-longterm	collaborator-last commented send
2488		Signed images			2y	1y	1y		area/deploy kind/feature priority/important-longterm	collaborator-last commented send
2479		Allow CA issuers to generate their own secrets		5	2y	1y	1y		area/ca kind/feature priority/important-longterm	collaborator-last commented send
2454		RBAC rule for showing running cert-manager in a single namespaces			2y	1y			area/deploy kind/feature priority/important-longterm
2377		Istio Node Agent Integration			2y	1y	2y		kind/feature priority/important-longterm	commented recv-q send
2321		Expose more information about certificates in Status			2y	5mo	5mo		kind/feature priority/important-longterm	commented member-last open-milestone send
2243		Add a per-Certificate rate limit to the number of CertificateRequests created			2y	1y	2y		area/api kind/feature priority/important-longterm	commented
2178		Handling 'unregistering' certificates from Venafi TPP		2	2y	7mo	7mo		area/venafi kind/feature lifecycle/frozen priority/important-longterm	collaborator-last commented send
2043		Extend end-to-end suite to record total ACME client request count			2y	1y			area/testing kind/feature priority/important-longterm	open-milestone
401		Bring tutorials up to date			6mo	5mo			priority/important-longterm
223		Document wildcard certificate tutorial			1y	11mo	1y		kind/documentation priority/important-longterm	commented contributor-last send
178		Order of versions of cert-manager in menu			1y	11mo	1y		kind/documentation priority/important-longterm	commented contributor-last send
154		Documenting repo management process			1y	11mo	1y		kind/documentation priority/important-longterm	commented contributor-last send

many reactions, low priority (16)

Resolution: Upgrade to priority-soon, priority-longterm, or longterm-support

Average age: 227.1d, Avg wait: 11.0d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
4167		Support for full chain validation on issued certificates		3 3	3wk	4d	4d		kind/bug	collaborator-last commented send
4162		The kubectl.kubernetes.io/last-applied-configuration annotation is copied to CertificateRequests PR#4251: Allows to configure which annotations get copied from Certificate changes-requested		6	3wk	3d	3d		kind/bug	assigned assignee-updated collaborator-last commented open-milestone pr-changes-requested send
4023		Vault generated certificates PR#4195: vault: Fix when certificate chain does not have a root ca new-commits Similar: #3378: Generate certificate challenge error (open) Similar: #910: Allow to store certificate in vault (closed)		4	2mo	4wk	2mo		kind/bug	pr-new-commits recv recv-q similar
3675		Donation of jniebuhr/aws-pca-issuer to the Cert Manager project		2 6	5mo	2mo	5mo		kind/documentation kind/feature priority/backlog	author-last recv
3238		Waiting for http-01 challenge propagation: failed to perform self check GET request Similar: #3331: Challenge Fails: Waiting for HTTP-01 challenge propagation: did not get expected response when querying endpoint, expected 'XXXX' but got: 'YYYY' (open) Similar: #3325: Waiting for HTTP-01 challenge propagation: wrong status code '404', expected '200' (open) Similar: #3309: Waiting for http-01 challenge propagation: wrong status code '403', expected '200' (open) Similar: #2842: Waiting for http-01 challenge propagation: wrong status code '404', expected '200' (open) Similar: #3000: Waiting for http-01 challenge propagation: dial tcp 127.0.0.1:80: connect: connection refused (open) Similar: #2967: Waiting for http-01 challenge propagation: read: connection reset by peer (open) Similar: #3442: challenge fail:Waiting for http-01 challenge propagation: did not get expected response when querying endpoint, expected "xxxxx" but got: <!doctype html> (closed)		4 5 40	10mo	3wk	9mo		triage/support	commented recv-q send similar
3062		no matches for kind "ClusterIssuer" in version "certmananger.k8s.io/v1alpha2" Similar: #3246: no matches for kind "ClusterIssuer" in version "cert-manager.io/v1" (closed)		2 24	1y	4mo	9mo		triage/support	commented send similar
2576		Support adding custom annotations to generated secret PR#3828: feat: add support to secretTemplates new-commits		6 42	1y	3mo	1y		kind/feature priority/backlog	commented contributor-last pr-new-commits recv-q send
2538		cert-manager does not use ingress.class from Ingress annotated with cert-manager.io/cluster-issuer Similar: #3814: Can `cert-manager.io/cluster-issuer: nameOfClusterIssuer` annotation be made to work on a namespace? (open) Similar: #3751: Cert-Manager doesn't proxying custom annotations from Ingress (open)		43	2y	5mo	1y		area/api kind/feature priority/backlog	commented recv-q send similar
843		Allowing alternative Secret output formats (e.g. single .pem file priv/cert output)		58	2y	5mo	9mo		area/api help wanted kind/design kind/feature lifecycle/frozen priority/backlog	commented open-milestone pr-closed pr-merged send
4241		Add support for pathLen basicConstraint		10	4d	1h	1h		approved area/api area/deploy area/testing dco-signoff: yes do-not-merge/work-in-progress kind/feature release-note size/XL	collaborator-last commented draft new-commits open-milestone
4251		Allows to configure which annotations get copied from Certificate		4	3h	1h	1h		approved dco-signoff: yes kind/cleanup release-note size/L	assigned assignee-updated changes-requested commented member-last send
4225		Feature: Support both v1 and v1beta1 ingresses.		7	7d	3d	3d		approved area/acme area/acme/http01 area/ingress-shim area/testing dco-signoff: yes kind/feature release-note size/XXL	assigned assignee-updated collaborator-last commented reviewed-with-comment send
3931		Added PodDisruptionBudgets to helm chart		5	2mo	3d	6wk		approved area/deploy dco-signoff: yes do-not-merge/hold lgtm needs-kind needs-rebase ok-to-test release-note size/L	assigned assignee-updated commented new-commits recv-q send
3828		feat: add support to secretTemplates		10	3mo	10d	3wk		approved area/api area/deploy area/testing dco-signoff: yes do-not-merge/release-note-label-needed needs-kind ok-to-test size/XL	assigned assignee-updated commented contributor-last new-commits open-milestone recv recv-q
3705		integration test for readiness controller		4	5mo	2mo	2mo		approved area/testing dco-signoff: yes kind/cleanup needs-rebase release-note-none size/L	assigned assignee-updated changes-requested collaborator-last commented
521		Talk about key rotation downtime and "rotationPolicy: Always"		5	3mo	2d	17d		approved dco-signoff: yes do-not-merge/hold needs-rebase size/L	assigned assignee-updated commented contributor-last new-commits

many commenters, low priority (4)

Resolution: Upgrade to priority-soon, priority-longterm, or longterm-support

Average age: 57.8d, Avg wait: 18.2d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
4131		Changing/Renewing OAUTH token requries Re-creation of Venafi Cluster Issuer			4wk	3wk	3wk		area/venafi kind/bug priority/awaiting-more-evidence	author-last commented recv
4097		Generating SSL + ingress-nginx issue			6wk	5d	6wk		kind/bug	recv recv-q
3828		feat: add support to secretTemplates		10	3mo	10d	3wk		approved area/api area/deploy area/testing dco-signoff: yes do-not-merge/release-note-label-needed needs-kind ok-to-test size/XL	assigned assignee-updated commented contributor-last new-commits open-milestone recv recv-q
4125		[WIP] Add install to cert-manager cli Similar: #633: WIP: Kubectl cert manager install (open)			5wk	3wk	4wk		dco-signoff: yes do-not-merge/work-in-progress kind/feature needs-rebase ok-to-test release-note size/XXL	collaborator-last commented draft recv similar unreviewed

Screaming into the void (2)

Resolution: Reopen, or ask folks to open a new issue

Average age: 1141.6d, Avg wait: 772.5d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
806		TXT records breaks wildcard DNS resolution			3y	2d	3y		area/acme	assigned assignee-updated closed commented recv recv-q
466		proxy_protocol mode breaks HTTP01 challenge Check stage		7 7 95	3y	3d	1y		kind/bug	closed commented recv recv-q

Needs information for over 2 weeks (17)

Resolution: Close or remove triage/needs-information label

Average age: 335.2d, Avg wait: 58.4d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
4011		Memory segmentation bug when using Vault			2mo	2mo	2mo		area/vault kind/bug priority/important-soon triage/needs-information	collaborator-last commented open-milestone send
3748		Cert-manager causes API server panic on clusters with more than 20000 secrets.		2	4mo	7wk	4mo		kind/bug triage/needs-information	commented pr-merged recv recv-q
3643		cert-manager-webhook getting deleted by garbage-collector			5mo	4mo	5mo		area/deploy kind/bug priority/backlog triage/needs-information	collaborator-last commented send
3640		Challenge Records Not Always Cleaned Up Similar: #1661: _acme-challenge DNS TXT records not being cleaned up on DigitalOcean (open)			5mo	5mo	5mo		kind/bug triage/needs-information	commented member-last send similar
3615		resourceVersion should not be set on objects to be created		8	5mo	7wk	5mo		kind/bug triage/needs-information	recv recv-q
3611		Order expires on renew			5mo	5mo	5mo		kind/bug triage/needs-information	author-last commented recv
3534		cert-manager tries to follow CNAME while "cnameStrategy" is set to "None"			7mo	5mo	5mo		kind/bug triage/needs-information	author-last commented recv
3512		The certificates "<cert-name>" is invalid: metadata.resourceVersion: Invalid value: 0x0: must be specified for an update			7mo	3mo	3mo		area/deploy kind/bug priority/backlog triage/needs-information	commented send
3021		Cloudflare DNS resolver fails: Error: 6003: Invalid request headers		3 13	1y	5wk	8mo		kind/bug triage/needs-information	commented recv-q send
3016		RFC2136 config ignores port for the nameserver.			1y	11mo	1y		area/acme/dns01 kind/bug priority/awaiting-more-evidence triage/needs-information	commented contributor-last send
3008		http01 self-check fails on GKE: propagation check failed, no such host		2	1y	11mo	11mo		kind/bug triage/needs-information	collaborator-last commented send
2996		cainjector pod restart many times of V0.15.1		2	1y	11mo	1y		area/cainjector triage/needs-information	commented recv recv-q
2954		my orders keeping returning 405		2	1y	3wk	3mo		kind/bug triage/needs-information	commented recv-q send
2703		AKS: Lets Encrypt Cert not working on TLS ingress into AKS cluster		4	1y	1y	1y		area/acme triage/needs-information triage/support	assigned assignee-updated collaborator-last commented send
2545		Failed to determine a valid solver configuration for the set of domains on the Order			2y	2mo	1y		kind/bug triage/needs-information	commented send
2491		presented key () did not match expected (XXXXXXX)			2y	1y	1y		kind/bug triage/needs-information	collaborator-last commented send
2037		Accept both HTTP and HTTPS requests in acmesolver's listener		7	2y	5mo	5mo		area/acme area/acme/http01 good first issue help wanted kind/feature priority/backlog triage/needs-information	assigned assignee-updated collaborator-last commented send

Support request over 30 days old (56)

Resolution: Close, or add to triage/long-term-support

Average age: 283.7d, Avg wait: 84.0d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
4089		make images throwing unbound variable error			6wk	6wk	6wk		priority/awaiting-more-evidence triage/support	collaborator-last commented send
4075		Renew certificate keeps in pending state			7wk	6wk	6wk		triage/support	collaborator-last commented send
4019		Internal error occurred: conversion webhook for cert-manager.io/v1			2mo	2mo	2mo		triage/support	collaborator-last commented send
3991		cert-manager v1.3.1 pods crash after installation			2mo	2mo	2mo		kind/bug triage/support	commented recv-q send
3966		Using Cert Manager with Hashicorp Vault			2mo	2mo	2mo		triage/support	collaborator-last commented send
3870		Unable to Delete Challenge After Failed Uninstall			3mo	2mo	2mo		kind/bug priority/awaiting-more-evidence triage/support	collaborator-last commented send
3842		Issuing same certificate on different namespaces does not work			3mo	3mo	3mo		triage/support	collaborator-last commented send
3839		Ingress with cert-manager and clusterIssuer is opening in an insecured mode with warning and not as https			3mo	3mo	3mo		triage/support	collaborator-last commented send
3821		Error updating from 0.16 to 1.0 version			3mo	3mo	3mo		kind/bug priority/awaiting-more-evidence triage/support	collaborator-last commented send
3800		Documentation requires more elaboration on the cert renewal behavior.		2	4mo	3mo	3mo		priority/awaiting-more-evidence triage/support	collaborator-last commented send
3755		Letsencrypt challenges missing nginx ingress and flooding apache logs			4mo	3mo	3mo		kind/bug triage/support	author-last commented recv
3729		Possible Bug in RFC2136? Or Missconfiguration?			4mo	3mo	4mo		triage/support	recv
3706		renewal-hooks		3	5mo	6wk	6wk		triage/support	collaborator-last commented send
3698		Support for gke workload identity in the helm chart?			5mo	5mo	5mo		triage/support	collaborator-last commented send
3653		install cert-manager: Readiness probe failed: HTTP probe failed with statuscode: 500			5mo	2mo	5mo		kind/bug triage/support	recv
3601		Missing nodeSelector on challenge pods PR#3605: fix: Set default nodeSelector to linux commented		4	6mo	5mo	5mo		kind/bug triage/support	commented member-last pr-reviewed-with-comment send
3578		problem with kubernetes v 1.19 challange get 404 expected 200		3	6mo	6mo	6mo		triage/support	author-last commented recv recv-q
3543		check that a DNS record exists for this domain			6mo	6mo	6mo		triage/support	collaborator-last commented send
3542		SSL Certificate Manager has got expired, we need to renew SSL certificate in existing ClusterIssuer Kubernetes Service (AKS)			6mo	6mo	6mo		triage/support	author-last commented recv
3541		Issuer and the Subject are empty since 0.15.2 but were equal to "O = cert-manager" in 0.14.3 when using SelfSigned CA			6mo	6mo	6mo		triage/support	collaborator-last commented send
3445		Connection refused for cert-manager-webhook service		2	8mo	8mo	8mo		triage/support	author-last recv recv-q
3406		cluster issuer creation fails Similar: #4174: Unable to create cluster issuer (closed)		3	9mo	6mo	9mo		triage/support	commented recv recv-q similar
3388		https://...svc/mutate?timeout=10s: Service Unavailable			9mo	9mo	9mo		triage/support	commented recv-q send
3378		Generate certificate challenge error Similar: #4023: Vault generated certificates (open)			9mo	9mo	9mo		triage/support	collaborator-last commented send similar
3360		Wrong status code '404' & Challenge returns Not Found			9mo	8mo	9mo		triage/support	author-last commented recv
3331		Challenge Fails: Waiting for HTTP-01 challenge propagation: did not get expected response when querying endpoint, expected 'XXXX' but got: 'YYYY' Similar: #3318: Waiting for http-01 challenge propagation: failed to perform self check GET request (open) Similar: #3238: Waiting for http-01 challenge propagation: failed to perform self check GET request (open) Similar: #2967: Waiting for http-01 challenge propagation: read: connection reset by peer (open) Similar: #3442: challenge fail:Waiting for http-01 challenge propagation: did not get expected response when querying endpoint, expected "xxxxx" but got: <!doctype html> (closed)			10mo	9mo	9mo		triage/support	commented send similar
3318		Waiting for http-01 challenge propagation: failed to perform self check GET request Similar: #3331: Challenge Fails: Waiting for HTTP-01 challenge propagation: did not get expected response when querying endpoint, expected 'XXXX' but got: 'YYYY' (open) Similar: #3325: Waiting for HTTP-01 challenge propagation: wrong status code '404', expected '200' (open) Similar: #3309: Waiting for http-01 challenge propagation: wrong status code '403', expected '200' (open) Similar: #2842: Waiting for http-01 challenge propagation: wrong status code '404', expected '200' (open) Similar: #3000: Waiting for http-01 challenge propagation: dial tcp 127.0.0.1:80: connect: connection refused (open) Similar: #2967: Waiting for http-01 challenge propagation: read: connection reset by peer (open) Similar: #3442: challenge fail:Waiting for http-01 challenge propagation: did not get expected response when querying endpoint, expected "xxxxx" but got: <!doctype html> (closed)		5	10mo	5mo	5mo		triage/support	collaborator-last commented send similar
3312		Why does cert-manager issue fake certificates? Similar: #3896: Cert Manager failing to renew certificate (open) Similar: #3810: Certificates stuck issuing and unready after cert-manager restart (open)			10mo	10mo	10mo		triage/support	collaborator-last commented send similar
3309		Waiting for http-01 challenge propagation: wrong status code '403', expected '200' Similar: #3318: Waiting for http-01 challenge propagation: failed to perform self check GET request (open) Similar: #3238: Waiting for http-01 challenge propagation: failed to perform self check GET request (open) Similar: #3000: Waiting for http-01 challenge propagation: dial tcp 127.0.0.1:80: connect: connection refused (open) Similar: #2967: Waiting for http-01 challenge propagation: read: connection reset by peer (open) Similar: #2517: http-01 challenge propagation: wrong status code '404', expected '200' (closed)			10mo	10mo	10mo		triage/support	collaborator-last commented send similar
3261		certificate ready false			10mo	3mo	8mo		triage/support	author-last commented recv
3197		Can I use cert-manager to issue/rotate certs using internal k8s CA?			11mo	11mo	11mo		triage/support	collaborator-last commented send
3170		Why does cert-manager issue fake certificates? Similar: #3896: Cert Manager failing to renew certificate (open) Similar: #3810: Certificates stuck issuing and unready after cert-manager restart (open)			11mo	10mo	10mo		triage/support	collaborator-last commented send similar
3168		Unable to create certificates with dns01 for clouddns			11mo	11mo	11mo		triage/support	collaborator-last commented send
3164		Unable to kubectl get resources after upgrading to 1.16.1			11mo	11mo	11mo		triage/support	collaborator-last commented send
3133		Failed calling webhook "webhook.cert-manager.io"		2	1y	3mo	9mo		triage/support	commented recv-q send
3125		renewed certificate tls.crt not in right directory			1y	5mo	1y		priority/awaiting-more-evidence triage/support	collaborator-last commented send
3111		Kubeflow+Istio+Letsencrypt+Cert-Manager unable to create certificate			1y	1y	1y		triage/support	collaborator-last commented send
3078		Order gets stuck in pending state intermittently			1y	1y	1y		triage/support	collaborator-last commented send
3071		Waiting for CertificateRequest using Vault Issuer Similar: #3718: Multiple CertificateRequest objects for a single Certificate resource (open)			1y	5mo	1y		priority/awaiting-more-evidence triage/support	collaborator-last commented send similar
3069		How can change webhook service name if using helm for deployment			1y	1y	1y		triage/support	collaborator-last commented send
3062		no matches for kind "ClusterIssuer" in version "certmananger.k8s.io/v1alpha2" Similar: #3246: no matches for kind "ClusterIssuer" in version "cert-manager.io/v1" (closed)		2 24	1y	4mo	9mo		triage/support	commented send similar
3061		First Cloudflare API can validation, but sec can't validation			1y	1y	1y		triage/support	author-last commented recv
3041		defined Issuer for ingress resource but it is looking for ClusterIssuer			1y	5mo	1y		priority/awaiting-more-evidence triage/support	collaborator-last commented send
3007		Creating Issuer with self CA is failing			1y	1y	1y		triage/support	commented recv-q send
3000		Waiting for http-01 challenge propagation: dial tcp 127.0.0.1:80: connect: connection refused Similar: #3318: Waiting for http-01 challenge propagation: failed to perform self check GET request (open) Similar: #3238: Waiting for http-01 challenge propagation: failed to perform self check GET request (open) Similar: #3325: Waiting for HTTP-01 challenge propagation: wrong status code '404', expected '200' (open) Similar: #3309: Waiting for http-01 challenge propagation: wrong status code '403', expected '200' (open) Similar: #2842: Waiting for http-01 challenge propagation: wrong status code '404', expected '200' (open) Similar: #2967: Waiting for http-01 challenge propagation: read: connection reset by peer (open) Similar: #2517: http-01 challenge propagation: wrong status code '404', expected '200' (closed)			1y	5mo	1y		triage/support	author-last commented recv similar
2969		Vault ClusterIssuer with Kubernetes authentication not possible? Similar: #3363: Vault Issuer with Kubernetes authentication cannot be automated via Helm (open)			1y	5mo	1y		priority/awaiting-more-evidence triage/support	commented recv recv-q similar
2967		Waiting for http-01 challenge propagation: read: connection reset by peer Similar: #3331: Challenge Fails: Waiting for HTTP-01 challenge propagation: did not get expected response when querying endpoint, expected 'XXXX' but got: 'YYYY' (open) Similar: #3000: Waiting for http-01 challenge propagation: dial tcp 127.0.0.1:80: connect: connection refused (open) Similar: #3318: Waiting for http-01 challenge propagation: failed to perform self check GET request (open) Similar: #3238: Waiting for http-01 challenge propagation: failed to perform self check GET request (open) Similar: #3325: Waiting for HTTP-01 challenge propagation: wrong status code '404', expected '200' (open) Similar: #3309: Waiting for http-01 challenge propagation: wrong status code '403', expected '200' (open) Similar: #2842: Waiting for http-01 challenge propagation: wrong status code '404', expected '200' (open)			1y	1y	1y		kind/bug triage/support	collaborator-last commented send similar
2959		certificate letsencrypt-staging is in status false ...			1y	1y	1y		triage/support	commented recv recv-q
2950		"error"="acme: urn:ietf:params:acme:error:malformed: No order for ID			1y	1y	1y		triage/support	commented send
2929		Notify a service inside k8s cluster on certificate renewal Similar: #4220: Reuse existing identical certificates (open)			1y	1y	1y		triage/support	commented send similar
2861		Question			1y	5mo	1y		priority/awaiting-more-evidence triage/support	author-last commented recv
2846		Cert-manager as CA issuer: pod cannot find the secret with certificate because it is created with some time delay.			1y	1y	1y		area/ca triage/support	author-last commented recv
2811		i/o timeout from apiserver when connecting to webhook on k3s		5	1y	10mo	1y		area/deploy triage/support	commented recv recv-q
2703		AKS: Lets Encrypt Cert not working on TLS ingress into AKS cluster		4	1y	1y	1y		area/acme triage/needs-information triage/support	assigned assignee-updated collaborator-last commented send
480		Secret gets UID added to end of name			4mo	3mo	4mo		triage/support	contributor-last recv recv-q
91		Google CloudDNS			2y	11mo	11mo		triage/support	collaborator-last commented send

Issues nearing expiration: No matching items

Pull requests: Approved and getting old (5)

Resolution:

Average age: 72.7d, Avg wait: 13.1d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
4161		Update makefile			3wk	13d	13d		approved dco-signoff: yes kind/cleanup release-note-none size/M	collaborator-last commented unreviewed
3727		DESIGN: Policy			4mo	3wk	3wk		approved dco-signoff: yes kind/design release-note-none size/XL	commented member-last reviewed-with-comment send
4044		Upgrade the Vault server used in E2E tests			2mo	2mo	2mo		approved area/testing dco-signoff: yes needs-kind release-note-none size/S	collaborator-last commented send unreviewed
4027		bug: Don't sort json patch operations			2mo	2mo	2mo		approved dco-signoff: yes kind/bug ok-to-test release-note-none size/XS	commented contributor-last new-commits recv
35		Sort versions when running "cmrel staged" and add cmrel staged --help		2	1mo	3wk	3wk		approved dco-signoff: yes size/M	commented member-last new-commits

Pull Requests: Stale (51)

Resolution: Add comment and/or close PR

Average age: 129.5d, Avg wait: 25.4d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
4072		Add a name to Prometheus scraping service port for Istio compatibillity			7wk	5d	7wk		area/deploy dco-signoff: yes needs-kind needs-ok-to-test release-note size/XS	assigned contributor-last recv recv-q unreviewed
4171		A webhook startup probe to check that the cert-manager API is usable			3wk	9d	3wk		approved area/deploy dco-signoff: yes needs-kind needs-rebase release-note size/L	collaborator-last commented reviewed-with-comment send
3905		proxy ingress annotations to certificates for external issuers			3mo	10d	3mo		dco-signoff: yes do-not-merge/release-note-label-needed needs-kind needs-ok-to-test needs-rebase size/M	assigned collaborator-last recv unreviewed
3639		Allow setting Helm chart service annotations Similar: #3305: Allow to set annotations for services (open)			5mo	12d	5mo		area/deploy dco-signoff: yes needs-kind needs-ok-to-test needs-rebase release-note size/S	assigned collaborator-last recv recv-q similar unreviewed
4069		Add: support for additional labels			1mo	12d	1mo		area/deploy dco-signoff: yes do-not-merge/release-note-label-needed needs-kind needs-ok-to-test needs-rebase size/L	collaborator-last recv unreviewed
4145		Allow additional namespaceSelector matchExpressions to be configured on ValidatingWebHook			4wk	17d	4wk		area/deploy dco-signoff: yes kind/feature ok-to-test release-note size/XS	assigned assignee-updated author-last commented recv recv-q unreviewed
4164		[WIP] parametrizing dns01 tests			3wk	18d	3wk		area/testing dco-signoff: yes do-not-merge/work-in-progress kind/feature needs-ok-to-test needs-rebase release-note-none size/L	collaborator-last draft recv unreviewed
3607		WIP e2e test to confirm assumption of KU match on renewal			6mo	19d			approved area/testing dco-signoff: yes do-not-merge/work-in-progress kind/cleanup needs-rebase release-note-none size/M	assigned assignee-updated collaborator-last unreviewed
3996		*make sure crd- manifests are YAML before passing to controller-gen**			2mo	19d	2wk		approved dco-signoff: yes do-not-merge/release-note-label-needed needs-kind needs-rebase size/M	changes-requested collaborator-last commented send
3871		[WIP] Adds ARM64 to test platforms			3mo	2wk	2wk		approved dco-signoff: yes do-not-merge/hold do-not-merge/work-in-progress kind/feature release-note-none size/S	assigned assignee-updated collaborator-last commented unreviewed
3605		fix: Set default nodeSelector to linux			6mo	3wk	3wk		area/acme area/acme/http01 area/deploy dco-signoff: yes kind/bug release-note size/S	commented member-last reviewed-with-comment send
3562		WIP: Resync Issuers and ClusterIssuers every 30 seconds			6mo	3wk	3wk		approved area/testing dco-signoff: yes do-not-merge/hold do-not-merge/work-in-progress kind/bug release-note size/L	commented draft member-last new-commits open-milestone send
4050		explicitly specify port protocol field to allow server side apply			2mo	4wk	2mo		area/deploy dco-signoff: yes needs-kind needs-ok-to-test release-note-none size/XS	assigned author-last recv recv-q unreviewed
4078		Allow (Cluster)Issuer to define caBundle for ACME server TLS verification			7wk	5wk	6wk		area/acme area/api area/deploy dco-signoff: yes kind/feature ok-to-test release-note size/L	commented member-last send unreviewed
3466		WIP: Certificate Spec Defaulting			8mo	6wk	8mo		approved area/api dco-signoff: yes do-not-merge/work-in-progress needs-kind needs-rebase release-note size/L	collaborator-last commented reviewed-with-comment send
3614		Pass the key before hash and the token to the dns webhook solvers			5mo	7wk	5mo		area/acme area/acme/dns01 area/api area/deploy area/testing dco-signoff: yes needs-kind needs-ok-to-test needs-rebase release-note size/L	author-last commented recv recv-q unreviewed
3305		Allow to set annotations for services Similar: #3639: Allow setting Helm chart service annotations (open)			10mo	2mo	10mo		area/deploy dco-signoff: yes do-not-merge/release-note-label-needed do-not-merge/work-in-progress needs-kind needs-rebase ok-to-test size/S	collaborator-last commented draft send similar unreviewed
3368		Add PrometheusRule and basic alert. Fixes #3342		3	9mo	2mo	8mo		area/deploy dco-signoff: yes needs-kind ok-to-test release-note size/M	collaborator-last commented reviewed-with-comment send
3410		Add API defaulting for Venafi Issuer config			9mo	2mo	7mo		approved area/api dco-signoff: yes do-not-merge/hold needs-kind needs-rebase release-note size/XL	collaborator-last commented open-milestone reviewed-with-comment send
3635		WIP: renewBefore sanity checks			5mo	2mo	3mo		approved dco-signoff: yes do-not-merge/work-in-progress needs-kind needs-rebase release-note-none size/L	collaborator-last commented open-milestone reviewed-with-comment send
3702		Update import path following repository move			5mo	2mo	5mo		approved area/acme area/acme/dns01 area/acme/http01 area/api area/ca area/deploy area/monitoring area/testing area/vault dco-signoff: yes do-not-merge/hold kind/cleanup kind/design needs-rebase release-note size/XXL	collaborator-last commented unreviewed
3836		Refactor the end-to-end ACME HTTP01 tests (follow-up to #3444)			3mo	2mo	3mo		approved area/testing dco-signoff: yes do-not-merge/work-in-progress kind/cleanup needs-rebase release-note-none size/XL	collaborator-last commented draft unreviewed
3883		No need to specify namespaceSelector when in same namespace			3mo	3mo	3mo		area/deploy dco-signoff: yes do-not-merge/release-note-label-needed needs-kind needs-ok-to-test size/XS	collaborator-last recv unreviewed
3405		Add Certificate Extensions support			9mo	7mo	9mo		area/api area/deploy dco-signoff: no do-not-merge/release-note-label-needed do-not-merge/work-in-progress needs-kind needs-ok-to-test needs-rebase size/L	collaborator-last draft recv unreviewed
615		Adds documentation for CSR supporting all issuers, and the CTL command			5wk	6d	6d		approved dco-signoff: yes do-not-merge/cherry-pick-not-approved size/L	collaborator-last commented unreviewed
545		Update akamai.md			2mo	13d	2mo		dco-signoff: yes ok-to-test size/M	author-last commented recv reviewed-with-comment
634		feat: update secretTemplate documentation			3wk	2wk	3wk		dco-signoff: yes ok-to-test size/S	assigned commented contributor-last new-commits send
447		WIP Adds repo structure description			5mo	3wk	3wk		approved dco-signoff: yes do-not-merge/work-in-progress needs-rebase size/L	assigned assignee-updated commented member-last send unreviewed
284		Clarify source of API docs			11mo	3wk	3wk		dco-signoff: yes ok-to-test size/XS	commented member-last reviewed-with-comment send
578		WIP: A note about how not to use the ca.crt			1mo	3wk	3wk		dco-signoff: yes do-not-merge/work-in-progress size/M	changes-requested commented member-last send
633		WIP: Kubectl cert manager install Similar: #4125: [WIP] Add install to cert-manager cli (open) Similar: #655: Install add 'kubectl cert-manager x install' documentation (open) Similar: #4226: add 'kubectl cert-manager version' (open)			3wk	3wk	3wk		dco-signoff: yes do-not-merge/work-in-progress size/L	commented contributor-last new-commits similar
625		Document the use of the HTTP01 Gateway API solver			4wk	4wk			approved dco-signoff: yes do-not-merge/cherry-pick-not-approved do-not-merge/work-in-progress size/XXL	contributor-last draft unreviewed
589		cloud DNS: include missing project ID			6wk	5wk	5wk		dco-signoff: yes ok-to-test size/XS	changes-requested commented member-last send
446		Add multiple ingresses usage section			5mo	5wk	5mo		dco-signoff: yes needs-ok-to-test needs-rebase size/XS	contributor-last recv unreviewed
548		More doc around the approval API in the /concepts/certificaterequest page			2mo	5wk	7wk		approved dco-signoff: yes kind/cleanup needs-rebase size/XL	commented contributor-last unreviewed
451		update to ingress.			5mo	6wk	5mo		dco-signoff: no needs-ok-to-test size/XS	contributor-last recv unreviewed
558		While restoring a backup, the uid and resourceVersion should be ignored			2mo	6wk	7wk		approved dco-signoff: yes do-not-merge/hold lgtm size/S	assigned assignee-updated commented contributor-last recv-q unreviewed
455		move cert-manager from jetstack to cert-manager			5mo	7wk	7wk		approved dco-signoff: yes do-not-merge/hold needs-rebase size/L	commented member-last send unreviewed
518		Non-honoring external issuers: explain their impact			3mo	2mo			approved dco-signoff: yes do-not-merge/work-in-progress needs-rebase size/XS	contributor-last draft unreviewed
528		Update "Setting Nameservers for DNS01 Self Check" example			3mo	3mo	3mo		dco-signoff: yes needs-ok-to-test size/XS	contributor-last recv unreviewed
249		add clarity of role use for eks clusterissuer			1y	5mo	5mo		dco-signoff: no ok-to-test size/S	assigned commented member-last reviewed-with-comment send
17		Add image validation for Docker architecture			1y	3wk	3wk		dco-signoff: yes lgtm size/L	assigned assignee-updated commented member-last new-commits send
36		Add the "cmrel update-release-branch" command			7wk	7wk	7wk		approved dco-signoff: yes do-not-merge/work-in-progress size/M	commented draft member-last unreviewed
8 previously listed items omitted: #3828 #4161 #4125 #3727 #4044 #3705 #4027 #35

Overdue answers for a question (51)

Resolution: Add a comment

Average age: 349.8d, Avg wait: 116.5d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
4173		Enable domains for no_proxy			3wk	3wk	3wk		kind/feature	author-last recv recv-q
4053		Error setup role to manage Route53 dns01			2mo	17d	2mo		kind/bug	recv recv-q
3977		cert-manager-webhook Firewalld Issues			2mo	2mo	2mo		kind/bug	author-last recv recv-q
3957		Support JKS trust store for ACME certificates Similar: #4211: support for importing multiple CA in jks certificates (open) Similar: #3404: Add support for custom Certificate Extensions (open) Similar: #1686: MS Active Directory Certificate Services support (open)			2mo	14d	2mo		kind/feature	commented recv-q send similar
3896		Cert Manager failing to renew certificate Similar: #3312: Why does cert-manager issue fake certificates? (open) Similar: #3170: Why does cert-manager issue fake certificates? (open)		15	3mo	10d	3mo		kind/bug	recv recv-q similar
3874		Getting "Error from server: conversion webhook for acme.cert-manager.io/v1alpha2, Kind=Challenge failed: Post https://cert-manager-webhook.cert-manager.svc:443/convert?timeout=30s: service "cert-manager-webhook" not found" Similar: #2752: Post https://cert-manager-webhook.cert-manager.svc:443/convert?timeout=30s: service "cert-manager-webhook" not found (closed)			3mo	2mo	3mo			recv recv-q similar
3824		http01 challange creates an invalid ingress resource when ingress class is set		3	3mo	14d	2mo		area/ingress-shim kind/bug priority/backlog	commented recv-q send
3716		Health check failed as CertificateSource is unhealthy"			4mo	2wk	4mo		kind/bug	recv recv-q
3689		Certificate cannot be created because of attempts to create Order resources that already exist (on OVH)		3	5mo	5wk	2mo		help wanted kind/bug priority/important-longterm	commented recv-q send
3637		BadRequest error when configuring external Vault with Kubernetes authentication		2	5mo	2wk	5mo		kind/bug	recv recv-q
3608		Unable to renew certificate for some cert hosts with propagation check failed			6mo	5mo	6mo		kind/bug	recv recv-q
3599		Create certificate issue (showing in progress only)			6mo	6mo	6mo			author-last recv recv-q
3565		requestmanager_controller got stuck in a loop and stopped generating new certificates afterward			6mo	3mo	6mo		kind/bug	recv recv-q
3484		Ingress annotations with external issuer end up in eternal loop - smallstep			7mo	5mo	7mo		kind/bug	author-last commented recv recv-q
3481		cert-manager stops reconciling certificate expiries		2 4	8mo	5mo	8mo		kind/bug	author-last commented recv recv-q
3437		DNS-01 webhook improvements PR#3614: Pass the key before hash and the token to the dns webhook solvers unreviewed			8mo	5mo			Epic kind/feature priority/backlog	open-milestone pr-unreviewed recv-q
3363		Vault Issuer with Kubernetes authentication cannot be automated via Helm Similar: #2969: Vault ClusterIssuer with Kubernetes authentication not possible? (open)		9	9mo	2mo	9mo		area/vault kind/bug priority/important-longterm	commented recv-q send similar
3265		Internal error occurred: failed calling webhook connect: no route to host Similar: #4073: Internal error occurred: failed calling webhook (open)		3	10mo	11d	10mo		triage/support	commented recv-q send similar
2906		Add Subject Key Identifier to Certificate CRD Similar: #90: Document Certificate Subject Changes (open)			1y	6wk	11mo		area/ca kind/feature priority/important-soon	commented recv-q send similar
2899		CA-injector doc updates( was Webhook patching infinite loop)			1y	1y	1y		area/cainjector kind/bug priority/awaiting-more-evidence	author-last commented recv recv-q
2842		Waiting for http-01 challenge propagation: wrong status code '404', expected '200' Similar: #3318: Waiting for http-01 challenge propagation: failed to perform self check GET request (open) Similar: #3238: Waiting for http-01 challenge propagation: failed to perform self check GET request (open) Similar: #3000: Waiting for http-01 challenge propagation: dial tcp 127.0.0.1:80: connect: connection refused (open) Similar: #2967: Waiting for http-01 challenge propagation: read: connection reset by peer (open) Similar: #2517: http-01 challenge propagation: wrong status code '404', expected '200' (closed)		3	1y	2wk	1y		area/acme/http01 triage/support	commented recv recv-q similar
2763		Creating ingress-shim equivalent for Istio gateway resources			1y	3mo	10mo		area/ingress-shim good first issue kind/design kind/feature priority/backlog	commented recv-q send
2722		Inject CA certificate into Secrets with cainjector Similar: #3462: Store older versions of certificate secrets (open)		8	1y	5mo	9mo		kind/feature priority/awaiting-more-evidence	commented recv-q send similar
2636		Certificate stuck in issuing state Similar: #3810: Certificates stuck issuing and unready after cert-manager restart (open)			1y	1y	1y		area/api kind/bug priority/awaiting-more-evidence	commented recv-q send similar
2525		Better support multi-namespace & single-namespace deployments PR#4219: add "components" Helm value unreviewed		11	2y	2mo	1y		area/deploy kind/feature priority/important-longterm	commented pr-unreviewed recv-q send
2522		Way to put cert secret to custom namespace		3	2y	4mo	2y		area/api kind/feature priority/awaiting-more-evidence	commented pr-closed recv-q send
2362		cainjector failing frequently		3 19	2y	4wk	1y		area/cainjector kind/bug priority/awaiting-more-evidence	commented recv-q send
2332		Private ACME authority aka custom root certificate for ACME		7	2y	4mo	1y		area/acme good first issue help wanted kind/feature priority/backlog	commented recv recv-q
1292		Allowing skipping HTTP01 and DNS01 self-check on a per-solver basis		58	2y	5wk	11mo		area/acme area/api help wanted kind/feature lifecycle/active priority/important-longterm	assigned assignee-updated commented open-milestone pr-closed recv-q send
1282		Option to specify x509 extensions on certificates		7	2y	1y	2y		area/api help wanted kind/feature priority/backlog	commented recv recv-q
1064		Support for OpenShift `route` object		21	2y	1y	2y		help wanted kind/design kind/feature priority/backlog	commented pr-closed recv-q send
403		Add to documentation: change default port of webhook when using hostNetwork and default Kubelet port setting			6mo	2mo	5mo		documentation good first issue kind/documentation	commented recv-q send
19 previously listed items omitted: #4023 #3991 #3578 #3445 #3406 #3388 #3377 #3238 #3133 #3009 #3007 #2969 #2959 #2902 #2877 #2811 #2538 #2377 #262

Updated support requests (122)

Resolution: Move out of support, or add a comment

Average age: 180.4d, Avg wait: 160.6d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
4220		Reuse existing identical certificates Similar: #2929: Notify a service inside k8s cluster on certificate renewal (open)			7d	7d	7d		kind/feature	recv similar
4216		Error getting keypair for CA issuer: error parsing ecdsa private key: x509: failed to parse EC private key: asn1: structure error: length too large			10d	10d	10d			recv
4215		Include example manifests in this repo for reference			10d	10d	10d			recv
4214		Certificate orders get in an unknown state.			10d	10d	10d		kind/bug	recv
4211		support for importing multiple CA in jks certificates Similar: #3957: Support JKS trust store for ACME certificates (open)			12d	12d	12d		kind/feature	recv similar
4210		Syncing secret across namespaces gives error "unable to fetch certificate that owns the secret"			12d	12d	12d		kind/bug	recv
4196		Enhance CA issuer with HSM support			17d	6d	13d		area/ca help wanted kind/feature	author-last commented recv
4187		Upgrade to cert-manager v1.3.1 causes outage on EKS			19d	19d	19d		kind/bug	recv
4179		Universal cert-manager installing, uninstalling, debugging and upgrading			3wk	3wk	3wk			recv
4170		Use Dependabot for automatic dependency upgrades			3wk	3wk	3wk		kind/feature	recv
4166		cert-manager should allow to store certificate in vault Similar: #910: Allow to store certificate in vault (closed)			3wk	3wk	3wk		kind/feature	recv similar
4159		Unable to create venafi issuer with kubernetes Similar: #4174: Unable to create cluster issuer (closed)			3wk	3wk	3wk		kind/bug	recv similar
4153		Support DoT (DNS over TLS) for Recursive Nameservers			3wk	3wk	3wk		kind/feature	recv
4148		Kubernetes Ingress Controller Fake Certificate			4wk	3wk	4wk			author-last recv
4146		Provide cert store format choice for PEM combined			4wk	4wk	4wk		kind/feature	recv
4135		Exclude some parent labels from being replicated on child objects			4wk	4wk	4wk		kind/feature	author-last recv
4114		Endless Sync Loop when installing Helm Chart via ArgoCD PR#4145: Allow additional namespaceSelector matchExpressions to be configured on ValidatingWebHook unreviewed Similar: #3739: Helm chart fails to install CRDs when using ArgoCD (open)			5wk	5wk	5wk		kind/bug	author-last pr-closed pr-unreviewed recv similar
4095		Update private Docker registry path			6wk	6wk	6wk			recv
4086		[CA Issuer] Metrics for getting issuer cert expiration			6wk	6wk	6wk			recv
4073		Internal error occurred: failed calling webhook Similar: #3265: Internal error occurred: failed calling webhook connect: no route to host (open)