generic Daily Triage :: Triage Party

queue to be emptied once a day

Unprioritized issues older than 7 days (261)

Resolution: Add a priority/ or triage/ label

Average age: 472.5d, Avg wait: 233.5d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
8754		Test Flake: TestDynamicAuthorityMulti: authority_test.go:175: Timeout waiting for rotation			15d	15d	15d		kind/flake	recv
8763		Minimize cert-manager and trust-manager Controller Privileges			12d	12d	12d		kind/feature	recv
8729		Feature Request: allow to configure max retry backoff duration for failed CertificateRequest			3wk	5d	6d		kind/feature	author-last commented recv recv-q
8716		Feature Request: Add a CMPv2 issuer for certificate enrollment and renewal (RFC 4210)			4wk	19d	3wk		kind/feature	commented send
8702		202 Accepted Response - Certificate Request failed - Unexpected status code on TPP Certificate Request.			4wk	4wk	4wk			recv
8696		Challenge is not reconciled on ACME API timeout PR#8697: fix: retry ACME challenge on timeout, closes #8696 commented			4wk	4wk	4wk		kind/bug	pr-reviewed-with-comment recv
8688		Your MCP server earned an A security grade on Loaditout			5wk	5wk	5wk			recv
8679		Allow managing SSH-CA			5wk	5wk	5wk		kind/feature	recv
8672		Allow specifying the secret namespace for CA issuer spec PR#8674: Allow specifying secret namespaces for CAIssuers unreviewed			5wk	5wk	5wk			commented member-last pr-unreviewed send
8767		Add support for CRLDistributionPoints on Certificate resources Similar: #56: Support for destinationCaCertificate / Reencrypt Routes (open) Similar: #53: Support crlDistributionPoints & ocspServers (open)			7d	5d	5d		kind/feature	commented member-last pr-closed send similar
8656		v1.20.0 release progress tracking			6wk	6wk
8659		v1.20.1 release progress tracking			6wk	6wk
8641		ContribFest KubeCon EU 2026 - Amsterdam (March 24, 2026)			7wk	7wk	7wk		kind/documentation	commented member-last
8611		Move from LetsEncrypt staging endpoint to production endpoint causes loop of the same error		3 2	2mo	6wk	6wk		kind/bug	commented member-last pr-closed send
8586		Misconfiguration caused hammering of DigitalOcean API PR#8698: fix(digitalocean): resolve DNS01 zones from managed domains unreviewed			2mo	2mo	2mo		kind/bug	pr-unreviewed recv
8643		ACME challenge scheduler: allow parallel challenges with different HTTP01 ingress classes or DNS01 providers PR#8648: fix: for ACME challenge scheduler, allow parallel challenges with dif… unreviewed PR#8736: scheduler: allow parallel challenges with different HTTP01 ingress classes or DNS01 providers unreviewed PR#8781: Document the conservative ACME challenge scheduler key commented			7wk	10h	1d		good first issue help wanted kind/bug	assigned assignee-updated commented member-last pr-reviewed-with-comment pr-unreviewed send
8530		Allow usage of the new DNS-PERSIST-01 challange for ACME Similar: #8373: DNS-PERSIST-01 challenge support (planned for late Q1 2026) (open)		15	2mo	2mo	2mo		kind/feature	recv similar
8522		Support pulling additional fields from secret when using external account binding		2	2mo	2mo	2mo		kind/feature	recv recv-q
8512		ArtifactHub install command causes Helm fallback warning due to missing v prefix			2mo	2mo	2mo			recv
8499		Add custom labels to be exposed in prometheus metrics			3mo	3d	4wk		kind/feature area/monitoring	commented contributor-last send
8572		Solver ingressTemplate annotations are not applied to existing Ingress resources when acme.cert-manager.io/http01-edit-in-place: 'true' is set PR#8718: fix: apply ingressTemplate annotations to edit-in-place ingresses unreviewed Similar: #1715: The ingress annotation `cert-manager.io/secret-template` is not documented (open)			2mo	2mo	2mo		kind/bug	author-last pr-closed pr-unreviewed recv similar
8481		FYI: cert-manager-webhook-libdns			3mo	3mo	3mo			recv
8493		cloudflare DNS01 - Client.Timeout exceeded while awaiting headers PR#8534: feat: add --dns01-timeout flag to make DNS01 provider API timeout configurable unreviewed PR#8608: fix: reduce happy-eyeballs fallback delay in Cloudflare DNS provider unreviewed		4 11	3mo	6wk	2mo		good first issue help wanted kind/bug	assigned assignee-updated commented pr-unreviewed recv-q send
8476		Helm chart defaults leaderElection namespace to kube-system, blocking cert-manager controller and certificate creation			3mo	3mo	3mo		kind/bug	author-last commented recv recv-q
8479		Subject Key Identifier (SKI) missing on issued certificates by self-signed CA PR#8480: Add Subject Key Identifier (SKI) to issued certificates new-commits			3mo	3mo	3mo		kind/feature	pr-new-commits recv
8458		Vault approle configuration			3mo	3mo	3mo		kind/feature	recv
8450		Introducing DelayedInformers for CRD check			3mo	3mo	3mo		kind/feature	assigned assignee-updated commented contributor-last send
8416		Make Venafi client timeout configurable for slower servers			3mo	3mo	3mo		kind/feature	commented member-last send
8378		Support `PodCertificateRequest` Similar: #8121: Support for Creating CertificateRequest from Kubernetes Secret (open) Similar: #7829: Support to auto delete Certificaterequest (open) Similar: #7821: Request to support AWS ACM Exportable certificates (open) Similar: #560: Support rotated certificate sources (open)		2	4mo	12d	4mo		kind/feature	commented send similar
8372		HTTP-01 challenge: support stateless http-01 challenge			4mo	4mo	4mo		kind/feature	recv
8364		Replace Hetzner DNS01 Webhook			4mo	4mo	4mo			collaborator-last commented send
8340		Top-level: CA Issuer rotation problem			5mo	5mo			cybr
8319		Improve cert-manager's event handler to allow us to selectively skip some reconciliations			5mo	4mo			cybr
8309		Dependency Dashboard			5mo	28min	5mo			recv
8280		Unblocking SSA: Document changes in SSA-by-default			5mo	5mo			cybr
8747		ACME challenges can get permanently stuck after a network timeout PR#8760: acmechallenges: retry on transient ACME errors new-commits PR#8697: fix: retry ACME challenge on timeout, closes #8696 commented			18d	15d	18d		kind/bug	pr-new-commits pr-reviewed-with-comment recv
8277		Unblocking Server Side Apply (SSA) by Default			5mo	3mo	3mo		cybr	commented member-last
8251		Top-level ticket: ListenerSet		8	6mo	3wk	2mo		cybr	commented pr-merged recv-q send
8235		Cert-manager support for Issuer-managed keys			6mo	1d	6mo		kind/feature lifecycle/stale	commented contributor-last recv
8234		Vault Issuer: certmanager spams thousands of CertificateRequest resources if Issuer is configured to use the Vault issue endpoint rather than the sign endpoint PR#8630: fix(vault): detect mismatched key from issue endpoint and fail permanently unreviewed			6mo	5d	6mo		kind/bug lifecycle/stale	commented contributor-last pr-unreviewed send
8373		DNS-PERSIST-01 challenge support (planned for late Q1 2026) Similar: #8530: Allow usage of the new DNS-PERSIST-01 challange for ACME (open)		3 3 2 139	4mo	13d	4mo		kind/feature	recv recv-q similar
8209		Add revocation at certificate deletion Similar: #28: Certificate revocation from CAS Console (open)		3	6mo	14d	6mo		kind/feature lifecycle/stale	contributor-last recv similar
8194		Update e2e Documentation - for the make e2e-setup command			6mo	3wk	6mo		kind/feature lifecycle/stale	commented contributor-last send
8183		Add helm diff output to cert-manager PRs			6mo	5mo	6mo			assigned assignee-updated collaborator-last commented send
8095		DNS-01 Delegated zone is not following CNAME and creating wrong records		4	7mo	13d	7mo		kind/bug lifecycle/stale	commented contributor-last recv recv-q
8094		HTTP-01 challenge returns 502 with App Gateway (works with NGINX ingress controller)			7mo	3mo	7mo			recv recv-q
8086		ACME ClusterIssuer not recovering after Vault restart			7mo	1mo	7mo		kind/bug lifecycle/stale	contributor-last recv
8082		EOF during self check with Pomerium			7mo	1mo	7mo		lifecycle/stale	contributor-last recv
8023		ACME issuer fails when CA includes Name Constraints with x509: unhandled critical extension			8mo	2mo	8mo		lifecycle/stale	commented contributor-last recv recv-q
7914		Output tls.crt in CA cert to another secret			9mo	1d	9mo		kind/feature lifecycle/rotten	contributor-last recv
7868		Metrics for webhook certificate Similar: #955: Feature Request: Add option to set duration for the webhook certificate (open)		3	9mo	12d	9mo		kind/feature lifecycle/stale	contributor-last recv similar
8218		Include Vault hostname as default JWT audiences			6mo	3mo	3mo		kind/feature	assigned assignee-updated commented member-last pr-merged send
7862		Requesting a certificate from ZeroSSL sometimes takes more than 10 minutes to complete		7	10mo	5wk	10mo		kind/bug lifecycle/stale	contributor-last recv
7834		Provide race condition mitigation support			10mo	4mo	10mo		kind/feature	author-last recv
7829		Support to auto delete Certificaterequest Similar: #8121: Support for Creating CertificateRequest from Kubernetes Secret (open) Similar: #8378: Support `PodCertificateRequest` (open) Similar: #7821: Request to support AWS ACM Exportable certificates (open)			10mo	6wk	10mo		kind/feature lifecycle/rotten	commented contributor-last send similar
7864		failed to call webhook: certificate has expired or is not yet valid Similar: #5861: cert manager API showing error - "x509: certificate has expired or is not yet valid" (open)		2	9mo	4mo	9mo		kind/bug	assigned assignee-updated contributor-last recv recv-q similar
7828		Cert-manager created multiple CertificateRequests (over 30k) for a valid certificate			10mo	6d	9mo		kind/bug lifecycle/stale	commented contributor-last send
7822		Tracking: Kubernetes Gateway API follow up tasks		5	10mo	5mo	5mo			commented member-last pr-merged send
7788		Be able to default `acme.cert-manager.io/http01-edit-in-place: "true"` behavior in deployment/chart values		5	11mo	5mo	5mo		kind/feature	collaborator-last commented send
7779		RevisionHistoryLimit should follow Kubernetes definition			11mo	2mo	11mo		lifecycle/rotten	contributor-last recv
7772		Reviewing the use of https://github.com/SSLMate/go-pkcs12			11mo	2mo	11mo		kind/feature lifecycle/rotten	commented contributor-last send
7768		Stuck in a loop with `multiple challenge solver pods found for challenge`			11mo	5mo	11mo		kind/bug	author-last recv
7766		Certificate: Let me specify the concatenation order for CombinedPEM output format			11mo	2mo	11mo		kind/feature	author-last recv recv-q
7765		Propagation tests fails when using IPv6 recursive DNS nameservers			11mo	2mo	11mo		kind/bug lifecycle/rotten	recv
7760		Is the zone responsible for a domain changes, cert-manager will not pick it up			11mo	2mo	11mo		kind/bug lifecycle/rotten	contributor-last recv
7755		cert-manager-challenges Error presenting challenge: expected array of Record			1y	2mo	1y		lifecycle/rotten	contributor-last recv recv-q
7751		Custom key usage extensions			1y	2mo	3mo		kind/feature	commented recv recv-q
7749		Http and PROXY protocol		5	1y	3mo	1y		lifecycle/rotten	contributor-last recv
7747		[suggestion] Add Kustomize install documentation		5 6	1y	2mo	1y		kind/feature lifecycle/stale	commented contributor-last recv recv-q
7821		Request to support AWS ACM Exportable certificates Similar: #7829: Support to auto delete Certificaterequest (open) Similar: #8378: Support `PodCertificateRequest` (open)		56	10mo	4mo	7mo		kind/feature	commented send similar
7649		[GKE][Cert-Manager]Document Might Need Implementation Details Update to GSA/KSA Integration			1y	2mo	1y		kind/bug lifecycle/rotten	contributor-last recv recv-q
8745		helm verify fails due to filename containing a 'v' prefix on the version in the provenance file			19d	14d	19d		kind/bug	author-last recv
7561		Feature Request RFC: Push notifications from cert-manager to <other service> when certificates are issued			1y	3d	6mo		kind/feature	author-last commented recv recv-q
7551		Unhelpful log messages			1y	5mo			lifecycle/frozen	contributor-last
7531		punycode issue			1y	15d	1y			author-last recv
7522		Non standard "cert-manager.io" used in event "Reason"			1y	6mo	1y		lifecycle/frozen kind/bug	commented contributor-last recv
7520		ClusterIssuer read caBundle from Secret PR#7521: ClusterIssuer read caBundle from Secret unreviewed		7	1y	5mo	1y		kind/feature	commented pr-unreviewed send
7510		Key Size for Acme Account Key PR#7646: Support custom ACME account key type. new-commits			1y	2mo	1y		kind/feature lifecycle/rotten	contributor-last pr-new-commits recv
7492		`UseCertificateRequestBasicConstraints` should probably add `Critical` for `isCA`			1y	6mo	1y		lifecycle/frozen	commented contributor-last recv
7486		`"Unhandled Error" err="ingress '...' in work queue no longer exists"` should be handled (clean up dangling `Certificate`)		6	1y	6mo	1y		lifecycle/frozen kind/bug	contributor-last recv recv-q
7476		[Helm Chart] - Wrong handling of image registry and repository		4	1y	2mo	5mo		kind/bug	commented pr-closed send
7684		Add support for namespaced deployment Similar: #2525: Better support multi-namespace & single-namespace deployments (open)			1y	4wk	1y		kind/feature lifecycle/rotten	contributor-last pr-merged recv recv-q similar
7438		certificate not updated after enabling SSA			1y	5mo	1y		kind/bug	author-last recv
7645		Support cross-signed intermediate CAs issued with Vault		5	1y	5wk	3mo		kind/feature	commented send
7388		Kid missing in the new order request PR#8262: Bugfix #7388 kid missing issue with Infisical ACME server or any other ACME that requires EAB unreviewed		2	2y	5mo	2y		kind/bug	pr-unreviewed recv recv-q
6622		`make update-licenses` is non-deterministic.			2y	2mo	11mo		kind/bug lifecycle/rotten	commented contributor-last pr-merged pr-unreviewed
8733		Updates or removal of solver ingress class annotations on ingresses are not propagated to existing certificates PR#8734: Fix: include annotations derived from ingress in certificate reconciliation loop unreviewed			3wk	7h	7h		kind/bug	commented member-last pr-unreviewed send
6010		Support the ACME Renewal Information (ARI) extension PR#8574: feat(design): proposed ari design new-commits		2 19	3y	6wk	11mo		kind/feature	commented pr-new-commits recv recv-q
6224		Option to store certificate history in individual secrets		2	2y	2mo	8mo		kind/feature lifecycle/stale	commented contributor-last recv-q send
4749		rfc2136 seems to not work with deep subdomains			4y	14d	4y		kind/bug lifecycle/stale area/acme/dns01	contributor-last recv recv-q
7422		Please provide standalone helm chart for CRDs		20	2y	2mo	2y		kind/feature lifecycle/stale	contributor-last recv
7473		Create certificate based on HTTPRoute configuration		63 7 98	1y	5wk	5wk		kind/feature	assigned assignee-updated commented pr-closed pr-merged send
8756		cert-manager: SSRF via `Issuer.spec.vault.server`			15d	15d	15d			recv
8279		Unblocking SSA: Fix unit tests			5mo	5mo			cybr
5864		Certmgr allows creating certificates expiring after ca expiration. PR#7733: fixes #5864: cert-manager CA to issue certs after verify with CA Certs Validity new-commits		4 33	3y	6mo	1y		lifecycle/frozen kind/bug cybr	commented pr-new-commits recv-q send
2061		Tutorial: `cert-manager` on Google Kubernetes Engine - Remove Google Domains PR#2062: Deploy `cert-manager` on Google Kubernetes Engine Tutorial - remove `google domains` unreviewed			4wk	4wk	4wk			author-last pr-unreviewed recv
2019		Add ENISA NIS2 reference to best practice intro			7wk	7wk	7wk			recv
2009		The flag description "Enable client cert authenticate of apiserver to webhooks." is ungrammatical/unclear			2mo	2mo
1935		add third party cert-manager-webhook-infomaniak			3mo	3mo	3mo			recv
1874		Dependency Dashboard			5mo	1d	5mo			recv
1926		Change the Cert Manager Webhook DNS01 of Hetzner Cloud			3mo	3mo	3mo			author-last pr-closed recv
1715		The ingress annotation `cert-manager.io/secret-template` is not documented Similar: #8572: Solver ingressTemplate annotations are not applied to existing Ingress resources when acme.cert-manager.io/http01-edit-in-place: 'true' is set (open)		2	11mo	11mo				contributor-last similar
1806		Tutorial depends on no longer available image of kuard		4	7mo	7mo	7mo			recv
1643		Let's Encrypt Ending Support for Notification Emails			1y	9mo	1y			recv
1620		Cert Manager allows the creation of Illegal wilcard SANs			1y	1y	1y			recv
1625		Configuration issue potentially leading to a memory leak			1y	1y	1y			recv
1546		Self upgrade PRs don't run checks			2y	6mo	2y		cybr	commented member-last
1490		GKE tutorial falsely claims it's possible to create LE certificate without domain (only IP)			2y	2y	2y			author-last recv
1596		Wrong key for cloudflare secret ref in DNS Validation tutorial page			2y	2y	2y			recv
697		[IRSA] Needs `runAsUser: 1001`			4y	2y	2y			commented member-last pr-merged send
1608		Renaming Securing NGINX-ingress to ingress-nginx			1y	1y	1y			recv
1586		Now that cert-manager 1.16 has been released, `--set config.enableGatewayAPI=true` is now the recommended approach for projects that show instructions on how to enable cert-manager's gateway API support, especially on visible projects like Cilium:			2y	2y				pr-merged
1585		Broken install instructions due wrong cert_manager_latest_version - v1.16.1			2y	2y	2y			recv
1623		Claim about v1beta1/v1alpha2 support for gateway api is misleading			1y	1y	1y			recv
944		Document how to install cert-manager in a different namespace		4	4y	2y	4y		good first issue	recv recv-q
209		Dependency Dashboard			5mo	16h	5mo			pr-merged recv
501		Error logs not very helpful		2	1y	1y	1y			recv
431		istio-csr pod healthz check fails for long time in v0.11.0 and v0.12.0			2y	1y	2y			recv recv-q
287		Getting Readiness probe failed when using cert-manager-istio-csr Similar: #84: csr readiness probe failed, istio ingress pod also failed (open)			2y	2y	2y			author-last recv recv-q similar
687		Dependency Dashboard			5mo	30min	5mo			recv
244		Populate Subject Fields in Certificate			2y	2y	2y			recv
223		False positive warnings from trivy and dependabot		7	2y	2y
153		It is possible to have several CAs within the same cluster.		3	4y	2y	2y			commented send
137		Documentation on rotating the root certificate		3	4y	1y	4y			recv recv-q
130		Document best-practices for minimal vault role configuration for istio-csr			4y	2y	4y			recv recv-q
84		csr readiness probe failed, istio ingress pod also failed Similar: #287: Getting Readiness probe failed when using cert-manager-istio-csr (open)		2	4y	2y	4y		support	recv recv-q similar
283		Document / improve that sometimes the issuer needs to set `ca.crt`			2y	2y
176		certificateDuration is not used for the Istio CSR generated certificate requests Similar: #955: Feature Request: Add option to set duration for the webhook certificate (open)			3y	8mo	3y			pr-closed recv recv-q similar
786		Apply cluster API server TLS security profile to TLS servers (incl. curves / key exchange preferences)			3wk	3wk	3wk			recv
113		Integrating with istio helm chart installs		15	4y	2y	4y			recv recv-q
869		[Feature Request] Support Annotations in Approval Policies PR#868: feat(annotations): Add annotation-based policy enforcement commented			5wk	5wk	5wk			author-last commented pr-reviewed-with-comment recv recv-q
803		Request to build images for main			3mo	6wk	6wk			commented member-last send
782		Ensuring approver-policy is ready to accept CRDs after install Similar: #837: Ensuring trust-manager is ready to accept CRDs after install (open)			4mo	4mo			good first issue	similar
761		Dependency Dashboard			5mo	16h	5mo			recv
667		Cannot create secret cert-manager-approver-policy-tls Similar: #559: Flakey Tests in pull-cert-manager-approver-policy-test (closed)			9mo	12d	12d			commented member-last send similar
466		Document How to Configure Common Scenarios			2y	2y	2y			recv
452		CRDs in the Release files		3	2y	2y	2y			recv
394		Limit number of SANs by policy			2y	2y	2y			commented member-last send
288		Feature: Take control of approval for the whole cluster		2	2y	2y	2y			commented member-last
216		Simplify configuration by creating RBAC by default PR#628: Grant cert-manager RBAC to use all policies by default unreviewed		2	3y	1y	1y		help wanted	commented contributor-last pr-merged pr-unreviewed recv-q send
203		Improve CRD fields for specifying key requirements		3	3y	1y	1y			commented member-last send
169		Webhook Custom CA			3y	1y	1y		help wanted	commented contributor-last recv-q send
962		Non-deterministic JKS/PKCS#12 bundle generation causes continuous Secret updates and restart loops with Reloader			8d	8d	8d			commented member-last send
913		Feature Request: Allow files as a source.			7wk	7wk	7wk			recv
955		Feature Request: Add option to set duration for the webhook certificate PR#961: Add duration for the webhook tls certificate new-commits Similar: #7868: Metrics for webhook certificate (open) Similar: #176: certificateDuration is not used for the Istio CSR generated certificate requests (open)			13d	8d	13d			author-last pr-new-commits recv similar
908		v0.22.0: image template does not work when installing trust-manager and cert-manager from one umbrella chart PR#951: fix: rename image helper to avoid umbrella chart conflicts unreviewed		4	2mo	19d	19d			commented member-last pr-merged pr-unreviewed send
886		Allow creating `ClusterRole` aggregations			2mo	2mo	2mo		kind/feature	recv
892		Eliminate the duplicate code for managing default trust bundle images			2mo	2mo				assigned assignee-updated pr-closed
881		Helm install fails when extraObjects contains Bundles			3mo	3mo	3mo			recv
841		Does trust-manager require cluster level permissions to read secrets?			3mo	6wk	6wk			commented member-last send
848		Request for cryptographic mechanisms used in cert-manager-trust-manager			3mo	3mo	3mo			recv
815		Support Debian Trixie for trust packages			5mo	5d			cybr	recv-q
805		Dependency Dashboard			5mo	16h	5mo			recv
778		Add option to use a specific issuer in the helm chart			6mo	3wk	6mo		lifecycle/stale	contributor-last recv
800		When creating a trust bundle with additionalFormats/pkcs12, no pkcs12 is produced			5mo	2mo	2mo			commented send
750		Feat: Emit Events on the controller Pod instead of cluster-scoped Bundle			7mo	6wk	7mo		lifecycle/stale	commented contributor-last recv
742		Add option to disable webhook in Helm chart			8mo	5mo	8mo		kind/feature	author-last commented recv
741		Using an Image Volume to deploy certifiats			8mo	1mo	8mo		lifecycle/stale	commented contributor-last send
650		Pod goes out of readiness			10mo	5wk	10mo		lifecycle/rotten	contributor-last recv
761		Feat: Add a namespaced trust bundle CRD alongside the cluster-scoped Bundle			7mo	5mo	7mo			commented contributor-last recv recv-q
592		Feature: ClusterTrustBundle as Sources Similar: #591: Feature: ClusterTrustBundle as Target (open)			1y	16d	6mo		lifecycle/stale	commented contributor-last send similar
588		Add ability to monitor validity period for CAs in bundle PR#918: add bundle metrics commented		5	1y	2mo	3mo		kind/feature help wanted	assigned assignee-updated commented pr-reviewed-with-comment send
560		Support rotated certificate sources PR#946: feat: add keepCertHistory for automatic CA cert retention on rotation commented Similar: #8378: Support `PodCertificateRequest` (open)		38	1y	4mo	1y			commented pr-reviewed-with-comment recv recv-q similar
301		Add support for kubectl installation Similar: #197: Kubectl One-line Installation Support (open)			2y	1y	2y		lifecycle/frozen	author-last commented open-milestone recv recv-q similar
245		Split Bundle controller into multiple controllers			2y	1y	1y		lifecycle/frozen	commented member-last pr-merged send
837		Ensuring trust-manager is ready to accept CRDs after install PR#900: chart: add startupapicheck to ensure trust-manager is ready after install unreviewed PR#958: feat: add startupapicheck job to ensure webhook readiness on install unreviewed Similar: #782: Ensuring approver-policy is ready to accept CRDs after install (open)			4mo	4mo			good first issue	pr-unreviewed similar
243		More flexible and better organized target specification in API		5	2y	4mo	6mo		lifecycle/frozen	commented pr-merged
591		Feature: ClusterTrustBundle as Target Similar: #592: Feature: ClusterTrustBundle as Sources (open)		12	1y	16d	6mo		lifecycle/stale	commented contributor-last pr-merged send similar
835		Helm Chart cannot set securityContext			4mo	4mo	4mo			recv
205		Allow to select multiple "trust" namespaces		49	2y	1d	10mo			commented send
142		expose bundles CRD as release artifact PR#948: release: publish trust-manager.crds.yaml as a GitHub Release artifact unreviewed		2 12	2y	4wk	9mo		help wanted lifecycle/stale	author-last commented pr-unreviewed recv recv-q
131		Feature: per namespace trust bundle		8	3y	7mo	10mo		lifecycle/frozen	commented send
99		Allow removing Bundles whilst keeping the synced CA certs		5	3y	1y	1y		lifecycle/frozen	commented member-last pr-unreviewed
222		[Feature] - Ability to inject a CA cert into a cert-manager managed secret resource		16	2y	2mo	8mo		lifecycle/stale	commented contributor-last pr-merged send
242		New version of Bundle API		2 4	2y	1y	2y		lifecycle/frozen	commented pr-closed pr-merged
39		Don't sync targets to all namespaces by default		8	3y	1y	1y		lifecycle/frozen	commented member-last open-milestone pr-merged send
60		overriding trusted namespace		10 18	3y	2mo	1y			commented recv-q send
4		Feature: By default, require only self-signed certificates in a bundle			4y	5wk	10mo		kind/feature help wanted good first issue lifecycle/rotten	commented contributor-last send
63		nit: Rename "Bundle" to "ClusterBundle"		18	3y	10mo	10mo		lifecycle/frozen	commented member-last open-milestone pr-merged send
279		Persisting identifiers for retry calls to Sign()			9mo	3mo	3mo			commented member-last send
231		### Question about Configuring Retries in cert-manager			1y	3mo	3mo			commented member-last send
204		clarify SetCAOnCertificateRequest deprecation status			1y	11mo	11mo			commented member-last send
362		Dependency Dashboard			5mo	16h	5mo			recv
583		Security Posture improvements			2mo	7d	2mo			recv recv-q
636		Cert fails to issue, but main container starts anyway			12d	12d	12d			recv
530		Dependency Dashboard			5mo	16h	5mo			recv
521		RFC: Cert-Manager CSI Driver as Secret Store Provider			5mo	5mo	5mo			recv
385		Helm Install of cert-manager-csi-driver Fails on Minikube with /dev/bus/usb Errors			1y	1y	1y			author-last recv
353		mismatch between the key and the certificate signature algorithm			1y	1y	1y			recv
267		Does cert-manager-csi-driver support AWS EKS with AWS Fargate nodes?			2y	2y	2y			recv
264		Certificate renewal doesn't change file 'modified date'			2y	2y	2y			recv
171		E2E Test Cleanup			2y	2y	2y		good first issue	commented member-last
241		Missing cert-manager.io/revision-history-limit volume attributes for CSI-Driver		6	2y	2y	2y			recv
130		JKS support		6	3y	2y	3y			recv recv-q
383		[Feature Request] Adding attributes that available in Certificate CRD to CSI Driver		6	1y	1y	1y			recv
17		ability to specify pod IP in volume attributes		8	6y	1y	5y			commented recv recv-q
256		Broken comma-separated splitting logic			2y	2y
613		Support POD_HOSTNAME as a variable			5wk	5wk	5wk			recv
411		Dependency Dashboard			5mo	16h	5mo			recv
41		The default `csiDataDir` value might collide with csi-driver			2y	7mo				contributor-last pr-merged recv-q
295		Dependency Dashboard			5mo	16h	5mo			recv
204		Support for creating certificate for wildcard route Similar: #8121: Support for Creating CertificateRequest from Kubernetes Secret (open) Similar: #56: Support for destinationCaCertificate / Reencrypt Routes (open)			10mo	5mo	10mo			recv similar
306		[FEATURE]Enable setting private key encoding via annotation PR#303: feat: add support for setting private key encoding commented			5mo	5mo	5mo		kind/feature	author-last pr-reviewed-with-comment recv
174		Standby Replicas without lease use lots of CPU			1y	1y	1y			recv
116		Release static manifests (no helm) for v0.6.0-alpha.0+		2	2y	2y	2y			recv
58		certificate cannot be renewed, error message: "key does not match certificate"		4	2y	2y	2y			recv recv-q
56		Support for destinationCaCertificate / Reencrypt Routes Similar: #8767: Add support for CRLDistributionPoints on Certificate resources (open) Similar: #204: Support for creating certificate for wildcard route (open)		2	2y	2y	2y			recv similar
38		Route with cert-manager annotations is not created		4	2y	11mo	2y			commented send
54		Same certificate in path based Routes		3	2y	1y	2y			pr-closed recv
70		OLM deployment with ArgoCD is OutOfSync			3y	3y	3y			commented send
46		Cert-manager operator fails to issue certificates			4y	4y	4y			recv
17		Operator prevents passing extraArgs helm value		7	5y	3y	5y			recv recv-q
22		Customize the deployment of cert-manager installed via OLM		5 6	5y	2y	4y			commented recv recv-q
74		Consistency issues due to the use of mount binds			1y	5d	1y			commented recv recv-q
144		Dependency Dashboard			5mo	16h	5mo			recv
40		Optional auto rotating/renewing certificates Similar: #8085: Feature Request: Add annotation to disable automatic certificate renewal (open)			3y	2y	3y			contributor-last recv recv-q similar
56		Struggling to get controller running in local KIND cluster			1y	1y	1y			commented member-last send
100		Dependency Dashboard			5mo	12h	5mo			recv
63		Is it possible to only create Issuer and remove the CluserIssuer			11mo	11mo	11mo			recv
62		Limit the controller-manager to access secrets only from specific namespace			11mo	11mo	11mo			recv
361		Dependency Dashboard			5mo	31min	5mo			recv
122		asdf cmctl installer issues		2	2y	2y	2y			author-last commented recv
65		Dependency Dashboard			5mo	20h	5mo			recv
59		Process regarding worrying emails sent to the maintainers mailing list			8mo	8mo	8mo			commented member-last
1125		Dependency Dashboard			5mo	4h	5mo			recv
487		Dependency Dashboard			5mo	31min	5mo			recv
295		`make generate-golangci-lint-config` clobbers local exclusions added to the local config.			11mo	11mo
202		Makefile Modules, Go Versions and Vendoring			2y	2y	2y			commented contributor-last
154		Publish SBOMs			2y	2y	2y		kind/feature good first issue	commented member-last send
481		Embed go version in `go install` binaries in cache			5mo	5mo
451		Re-enable testing with specific kubernetes versions in subprojects			6mo	6mo	6mo		cybr	commented member-last send
25		helm-tool inject sometimes omits the context (prefix) of commented out values in the generated markdown			2y	2y			kind/bug	contributor-last
202		Dependency Dashboard			5mo	16h	5mo			recv
26		helm-tool inject adds trailing white space to the generated markdown			2y	2y			kind/bug
63		CNCF-paid GitHub Actions runners			6mo	5mo	5mo			commented member-last
64		Open Standup: Updating an event didn't send new invitations to already registered people			5mo	5mo	5mo			commented member-last send
60		Lazy vote: Zoom for standup meetings to be able to add the standups to the LFX calendar			6mo	6mo	6mo			commented member-last
62		Lazy vote: Enhancing the triaging process			6mo	6mo
35		Post-Graduation Suggestion Tracker			2y	2y	2y			commented member-last pr-merged
81		How to enable leader election in the webhook?			1y	1y	1y			recv
80		How to deal with K8s timelimit in 30s ?			1y	1y	1y			recv
74		Why cert-manager looks for a CNAME record instead of a TXT record?			2y	2y	2y			recv
46		Code reference a pull request to be merged, but the pull request was closed by a robot			3y	2mo	3y			recv
2		Set up basic e2e test that deploys the webhook and ensures we can POST a challenge			7y	7mo				contributor-last pr-closed recv-q
37		Add logging example			4y	2y	4y			pr-closed recv
72		readyz and healthz api			2y	2y	2y			recv
92		Dependency Dashboard			5mo	16h	5mo			recv
24		Dependency Dashboard			5mo	2d	5mo			recv
8		Find solution for automatically disabled GitHub Actions			2y	2y
22		Dependency Dashboard			5mo	6d	5mo			recv
18		Feature: Git bundles?			1y	1y
7		Dependency Dashboard			5mo	8d	5mo			recv
375		Dependency Dashboard			5mo	16h	5mo			recv
361		[Helm] allow `enabled` as key in values schema			6mo	6mo	6mo			recv
197		Kubectl One-line Installation Support Similar: #301: Add support for kubectl installation (open)			2y	2y	2y			commented member-last send similar
162		Issue: Broken config when using commonLabels			2y	2y	2y			recv
487		Helm chart `image` named template conflicts with cert-manager 1.20.x		2	3wk	2d	19d			commented pr-closed recv-q send
148		Certificate chain is not split correctly PR#159: Split certificate chain commented		5	2y	2y	2y			author-last pr-reviewed-with-comment recv recv-q
133		Allow to use a custom Service Account PR#143: feat: allow creating or reusing an existing sa unreviewed		5	2y	2y	2y			pr-unreviewed recv
485		[Feature Request] Propagate Kubernetes Metadata to Google Cloud CAS Labels PR#486: feat: propagate Kubernetes metadata to Google CAS labels commented			3wk	3wk	3wk			pr-reviewed-with-comment recv
102		certificate renewal does not work in due to auth issue to privatecaapi end point			3y	2y	3y			recv

Uncommented older than 7 days (158)

Resolution: Add a priority/ or triage/ label

Average age: 551.3d, Avg wait: 501.5d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
8121		Support for Creating CertificateRequest from Kubernetes Secret Similar: #8378: Support `PodCertificateRequest` (open) Similar: #7829: Support to auto delete Certificaterequest (open) Similar: #204: Support for creating certificate for wildcard route (open)			7mo	12d	7mo		kind/feature lifecycle/stale triage/needs-information	contributor-last recv recv-q similar
8085		Feature Request: Add annotation to disable automatic certificate renewal Similar: #40: Optional auto rotating/renewing certificates (open)			7mo	5wk	7mo		priority/important-longterm lifecycle/stale	contributor-last pr-closed recv similar
8058		Cert-manager fails to import ECDSA private keys generated by openssl PR#8187: fix: add case for parsing key with ec parameters changes-requested			8mo	5wk	8mo		kind/bug priority/important-longterm lifecycle/stale	contributor-last pr-changes-requested recv
6820		Ongoing dependency evaluation			2y	2y	2y		lifecycle/frozen priority/important-longterm	contributor-last recv
6741		ACME account private key and URI are not updated if the path of the ACME server is changed PR#8631: fix(acme): detect server URL path changes for account re-registration unreviewed		7	2y	5mo	2y		lifecycle/frozen kind/bug priority/important-soon	pr-unreviewed recv
6472		Create TLSA records automatically		15	2y	3mo	2y		kind/feature priority/backlog	contributor-last recv
5917		Waiting for DNS-01 challenge propagation: DNS record for mydomain.com not yet propagated		43	3y	5wk	3y		kind/bug priority/important-longterm	assigned assignee-updated recv recv-q
5751		Wildcard DNS domains and `cnameStrategy: Follow` don't work nicely together PR#8639: fix(dns01): don't follow wildcard CNAMEs for challenge domain unreviewed		2	3y	6mo	3y		lifecycle/frozen kind/bug priority/important-soon	author-last pr-closed pr-unreviewed recv recv-q
5540		Changelog annotations to chart			3y	3mo	3y		kind/feature priority/backlog	author-last recv
1549		Brand guideline page			2y	2y	2y		priority/backlog	contributor-last recv
1473		Add ArtifactHub packages to website			2y	2y	2y		priority/backlog	recv
1063		"Securing Ingresses with Venafi" tutorial contains link to missing manifest			3y	2y	3y		priority/important-longterm	author-last pr-merged recv
850		Document available cert-manager Prometheus metrics			4y	3y	4y		documentation good first issue priority/important-longterm	recv recv-q
354		DigitalOcean access-token should not be base64-encoded			5y	5y	5y		priority/awaiting-more-evidence	author-last recv recv-q
237		docs for ACMEChallengeSolverHTTP01Ingress doesn't specify what `class` values are available			5y	5y	5y		priority/backlog kind/documentation	contributor-last pr-closed recv
197		Document ACME account mismatch PR#2023: Adds troubleshooting guide for host missmatch error unreviewed			6y	1y	6y		good first issue priority/backlog kind/documentation	pr-unreviewed recv recv-q
130		FAQ: How does cert-manager handle ingresses with valid TLS secrets?			6y	5y	6y		help wanted priority/backlog kind/documentation	contributor-last recv
76		Upgrading from v0.10 to v0.11 - missing cainjector annotation			6y	5y	6y		priority/backlog kind/documentation	contributor-last recv
3		Restrict operator RBAC permissions			6y	2y	6y		priority/backlog	pr-merged recv
83		As cmctl user, I want to use different kubectl context on command line ( --context='kubectl-context-abc' )		4	2y	2y	2y		priority/important-longterm	recv
690		Clean up Presets			4y	2y	4y		priority/backlog	pr-merged recv
594		Document infra image bumps and versioning			4y	2y	4y		priority/backlog	recv
38		Set repository to be a GitHub template repository			4y	2y	4y		priority/important-longterm	recv
135 previously listed items omitted

Important soon, but no updates in 90 days (15)

Resolution: Downgrade to important-longterm

Average age: 1318.2d, Avg wait: 98.5d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
6741		ACME account private key and URI are not updated if the path of the ACME server is changed PR#8631: fix(acme): detect server URL path changes for account re-registration unreviewed		7	2y	5mo	2y		lifecycle/frozen kind/bug priority/important-soon	pr-unreviewed recv
6709		1.14 Release Review		3	2y	2y	2y		lifecycle/frozen priority/important-soon	commented contributor-last send
6331		CSR not signed by referenced private key		10	2y	5mo	2y		lifecycle/frozen kind/bug priority/important-soon	commented contributor-last recv-q send
3992		Add non-CRD yaml file		4	5y	5mo	2y		priority/important-soon area/deploy	author-last commented recv
5298		Complete the Migration Away From Jetstack Names			3y	2y	2y		lifecycle/frozen kind/cleanup priority/important-soon	commented member-last send
5751		Wildcard DNS domains and `cnameStrategy: Follow` don't work nicely together PR#8639: fix(dns01): don't follow wildcard CNAMEs for challenge domain unreviewed		2	3y	6mo	3y		lifecycle/frozen kind/bug priority/important-soon	author-last pr-closed pr-unreviewed recv recv-q
3381		Setup separate package for cert-manager API		5	5y	1y	1y		lifecycle/frozen kind/feature priority/important-soon	assigned assignee-updated commented member-last send
5867		Controller can't handle hitting request rate limits of zerossl ACME API		7 12 31	3y	1y	2y		lifecycle/frozen kind/bug priority/important-soon	commented pr-closed pr-merged recv-q send
7234		AWS Route53: Stale/Stuck Challenges should be deleted after a given timeout PR#7897: wip: add retry mechanism for challenge solver whenever we detect unauthorized error commented		4	2y	5mo	2y		kind/bug priority/important-soon	assigned assignee-updated commented contributor-last pr-closed pr-merged pr-reviewed-with-comment recv recv-q
1425		The `issuer.vault.spec.caBundleSecretRef` docs are missing			2y	2y			priority/important-soon
955		Document when the vault pki role required setting `require_cn=false`		2	4y	2y			priority/important-soon
802		Spelling errors are unclear in pull request CI results and spell checker is unmaintained			4y	2y			kind/bug priority/important-soon	contributor-last pr-merged
195		Document keystores			6y	3y	5y		priority/important-soon kind/documentation	commented contributor-last send
174		Add documentation for CRD conversion webhook ca injection			6y	5y	5y		help wanted priority/important-soon kind/documentation	commented member-last send
127		cmctl version reports only the old CRD version if I upgrade cert-manager without including the CRDs			2y	2y			priority/important-soon

Important longterm, but no updates in 180 days (21)

Resolution: Downgrade to backlog

Average age: 1501.6d, Avg wait: 269.2d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
6969		Should upgrade status managed fields from CSA to SSA when ServerSideApply feature gate enabled			2y	2y	2y		lifecycle/frozen kind/bug priority/important-longterm	commented contributor-last send
6051		Detecting Gateway hostnames based on attached HTTPRoutes		7 33	3y	9mo	10mo		lifecycle/frozen kind/feature priority/important-longterm	commented pr-merged send
4950		General flakiness of our end-to-end suite		3	4y	2y	3y		lifecycle/frozen priority/important-longterm kind/flake	commented member-last pr-closed pr-merged send
4685		Unexpected EOF during watch stream event decoding: unexpected EOF -- possibly due to api server upgrades / restarts		12	4y	6mo	7mo		lifecycle/frozen kind/bug priority/important-longterm	commented contributor-last recv
4191		Setting default values for Pod's "resources"?		7	4y	2y	2y		lifecycle/frozen priority/important-longterm	commented contributor-last recv-q send
3521		Integration with ExternalDNS		4 52	5y	8mo	1y		help wanted lifecycle/frozen kind/feature priority/important-longterm	commented recv-q
2178		Handling 'unregistering' certificates from Venafi TPP		22	6y	2y	2y		lifecycle/frozen kind/feature priority/important-longterm area/venafi	commented member-last send
2525		Better support multi-namespace & single-namespace deployments Similar: #7684: Add support for namespaced deployment (open)		29	6y	1y	2y		lifecycle/frozen kind/feature priority/important-longterm area/deploy	commented contributor-last pr-closed send similar
1186		Document that/why we don't use Helm's CRD installation mechanism			3y	2y	2y		good first issue priority/important-longterm kind/documentation	assigned assignee-updated commented member-last send
975		Some pages do not make it clear what the user should read next			4y	2y			priority/important-longterm
401		Bring tutorials up to date			5y	3y	3y		priority/important-longterm	commented member-last send
223		Document wildcard certificate tutorial			6y	5y	6y		priority/important-longterm kind/documentation	commented contributor-last send
58		Support injection pem into an existing configmap PR#395: WIP: feat: inject bundle data into configmap unreviewed		8	3y	1y	1y		priority/important-longterm lifecycle/frozen	assigned assignee-updated commented member-last pr-closed pr-merged pr-unreviewed send
129		Increase e2e test timeouts			2y	2y			priority/important-longterm
98		Document new release process for all repos			2y	2y			priority/important-longterm	assigned
3		Make unit testing easier/make examples work			7y	2y	4y		priority/important-longterm	commented member-last pr-closed send
5 previously listed items omitted: #6820 #1063 #850 #83 #38

Pull Requests: Review Ready (83)

Resolution: Review requests or mark them as do-not-merge/work-in-progress

Average age: 160.0d, Avg wait: 96.7d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
8761		feat: Add `--acme-http01-solver-extra-labels` for propagating custom labels to ACME HTTP01 solver resources		3	13d	1h	1h		release-note size/XL area/api kind/feature area/acme dco-signoff: yes area/acme/http01 area/deploy	assigned commented member-last reviewed-with-comment
8778		fix(deps): update cloud go deps (master)			2d	4h	2d		release-note-none size/S kind/cleanup dco-signoff: yes ok-to-test dependencies	contributor-last recv recv-q unreviewed
8781		Document the conservative ACME challenge scheduler key			1d	10h	10h		release-note-none size/M area/acme dco-signoff: yes needs-kind	commented member-last reviewed-with-comment
8760		acmechallenges: retry on transient ACME errors			13d	4d	8d		size/L release-note kind/bug area/acme dco-signoff: yes ok-to-test	author-last commented new-commits recv
8766		feat: add per-solver DNS01 nameserver configuration			8d	2d	3d		release-note size/XL area/api kind/feature area/acme dco-signoff: yes area/acme/dns01 area/deploy	commented contributor-last recv reviewed-with-comment
8757		Disabling client-go rate-limiting if AP&F is enabled			15d	5d	5d		size/L release-note kind/feature dco-signoff: yes	collaborator-last commented new-commits
8697		fix: retry ACME challenge on timeout, closes #8696			4wk	7d	4wk		release-note size/S kind/bug needs-ok-to-test area/acme dco-signoff: yes	contributor-last recv recv-q reviewed-with-comment
8687		Normalize challenge reason in certmanager_certificate_challenge_status metric			5wk	13d	5wk		size/L release-note-none needs-ok-to-test dco-signoff: yes needs-kind	author-last recv recv-q reviewed-with-comment
8534		feat: add --dns01-timeout flag to make DNS01 provider API timeout configurable			2mo	19d	2mo		release-note area/api needs-ok-to-test size/M area/acme dco-signoff: yes area/acme/dns01 needs-kind	contributor-last recv recv-q unreviewed
8736		scheduler: allow parallel challenges with different HTTP01 ingress classes or DNS01 providers			3wk	3wk	3wk		size/L release-note kind/bug needs-ok-to-test area/acme dco-signoff: yes area/testing	contributor-last recv recv-q unreviewed
8574		feat(design): proposed ari design			2mo	4wk	4wk		size/L release-note-none kind/design dco-signoff: yes	commented new-commits
8648		fix: for ACME challenge scheduler, allow parallel challenges with dif…			7wk	5wk	7wk		release-note kind/bug needs-ok-to-test size/M area/acme dco-signoff: yes	assigned assignee-updated contributor-last recv recv-q unreviewed
8485		Adds Sign API call metric for the Vault issuer.			3mo	6wk	3mo		size/L release-note kind/feature needs-ok-to-test dco-signoff: yes area/monitoring	author-last recv recv-q unreviewed
5743		Add MaxPathLen and add EncodeBasicConstraintsInRequest option to Certificate and CertificateRequest resources			3y	7wk	7wk		size/L release-note area/api kind/cleanup dco-signoff: yes area/testing ok-to-test area/deploy	commented member-last reviewed-with-comment
8594		Fix typo "commonname" in PreferredChain field comment			2mo	2mo	2mo		release-note-none size/S area/api kind/cleanup needs-ok-to-test dco-signoff: yes area/deploy	contributor-last recv recv-q unreviewed
7289		Design proposal for delayed certificate activation			2y	2mo	1y		size/L release-note-none kind/design needs-ok-to-test lifecycle/rotten dco-signoff: yes	commented contributor-last recv recv-q reviewed-with-comment
8395		Clarify code around DNS01 Self Check			4mo	2mo	2mo		release-note-none kind/cleanup size/M area/acme dco-signoff: yes ok-to-test area/acme/dns01	author-last commented recv recv-q reviewed-with-comment
7733		fixes #5864: cert-manager CA to issue certs after verify with CA Certs Validity			1y	2mo	11mo		size/L release-note kind/bug kind/feature lifecycle/rotten dco-signoff: yes ok-to-test	commented contributor-last new-commits recv recv-q
8480		Add Subject Key Identifier (SKI) to issued certificates		3	3mo	2mo	3mo		size/L release-note kind/feature dco-signoff: yes area/testing ok-to-test	author-last commented new-commits recv
8464		improve dynamic source serving certificate renewal logic			3mo	3mo	3mo		release-note kind/bug size/M dco-signoff: yes ok-to-test	commented contributor-last recv unreviewed
8367		feat(helm) add startupProbe and readinessProbe to cert-manager-controller			4mo	4mo	4mo		release-note-none kind/feature needs-ok-to-test size/M dco-signoff: yes area/deploy	commented contributor-last recv recv-q unreviewed
8262		Bugfix #7388 kid missing issue with Infisical ACME server or any other ACME that requires EAB			5mo	4mo	5mo		size/L release-note needs-ok-to-test area/acme dco-signoff: yes needs-kind	author-last commented recv unreviewed
2097		Clarify ACME challenge scheduling behaviour			10h	10h	10h		dco-signoff: yes size/M	commented member-last new-commits
2077		fix(deps): update dependency copy-to-clipboard to v4			18d	1d	18d		dco-signoff: yes size/S ok-to-test dependencies	recv recv-q unreviewed
2084		chore(deps): update dependency @eslint-react/eslint-plugin to v5			11d	1d	11d		dco-signoff: yes size/L ok-to-test dependencies	recv recv-q unreviewed
2093		chore(deps): update misc npm packages to v4.3.0			1d	1d	1d		dco-signoff: yes size/L ok-to-test dependencies	recv recv-q unreviewed
2092		docs: add infomaniak third party provider			2d	2d	2d		size/XS dco-signoff: yes	recv recv-q unreviewed
2091		Bump fast-uri from 3.1.0 to 3.1.2 in the npm_and_yarn group across 1 directory			4d	4d	4d		dco-signoff: yes size/L dependencies javascript	recv recv-q unreviewed
2064		docs: add NetworkPolicy example manifests			3wk	3wk	3wk		dco-signoff: yes size/L	recv recv-q unreviewed
2041		docs: link HTTP01 guide to network policy requirements			5wk	5wk	5wk		dco-signoff: yes size/M	recv recv-q unreviewed
2004		Add adcs-issuer (lcwsre) to external issuers list			2mo	6wk	2mo		dco-signoff: yes size/L	author-last recv recv-q unreviewed
2020		docs: add ENISA NIS2 reference to best practice intro			7wk	6wk	7wk		dco-signoff: yes size/M	recv recv-q unreviewed
2023		Adds troubleshooting guide for host missmatch error			7wk	7wk	7wk		size/XS dco-signoff: yes	recv recv-q unreviewed
1909		docs: add ACK RRSA supported AliDNS webhook			4mo	2mo	3mo		size/XS dco-signoff: yes	author-last commented new-commits recv
1587		Custom Certificate Support for cert-manager Webhook Endpoint			2y	2mo	2y		dco-signoff: yes size/S	recv recv-q unreviewed
1602		acme troubleshooting: how to fix errored challenges			1y	2mo	1y		size/XS dco-signoff: yes	contributor-last recv recv-q reviewed-with-comment
298		chore(deps): pin nginx docker tag to 1881968			4d	3d	4d		dco-signoff: yes size/XS dependencies ok-to-test	contributor-last recv recv-q unreviewed
294		fix(deps): update module google.golang.org/api to v0.279.0			7d	16h	7d		dco-signoff: yes size/XS dependencies ok-to-test	contributor-last recv recv-q unreviewed
295		chore(deps): update gcr.io/cloud-builders/git docker digest to d561ea8 Similar: #158: chore(deps): update docker.io/golang:1.26 docker digest to 633d23b (open)			6d	6d	6d		dco-signoff: yes size/XS dependencies ok-to-test	contributor-last recv recv-q similar unreviewed
296		chore(deps): update docker.io/library/golang:1.26-alpine docker digest to 91eda97 Similar: #158: chore(deps): update docker.io/golang:1.26 docker digest to 633d23b (open)			5d	5d	5d		dco-signoff: yes size/XS dependencies ok-to-test	contributor-last recv recv-q similar unreviewed
290		Add OCI signing as part of existing publish pipeline			3wk	3wk			dco-signoff: yes size/L	recv-q reviewed-with-comment
768		Add unit tests for pkg/tls Provider			6wk	15d	6wk		dco-signoff: yes size/L needs-ok-to-test	author-last recv recv-q unreviewed
788		fix(deps): update kubernetes go deps Similar: #968: fix(deps): update kubernetes go patches to v0.36.1 (open) Similar: #118: fix(deps): update kubernetes go deps to v0.36.1 (open)			2wk	16h	2wk		dco-signoff: yes size/M ok-to-test dependencies	contributor-last recv recv-q similar unreviewed
769		Fix HasIssuerConfig to use RLock instead of Lock			6wk	15d	6wk		dco-signoff: yes size/XS needs-ok-to-test	author-last recv recv-q unreviewed
637		Fix/chartadditional annotations for cli args			7mo	2mo	7mo		dco-signoff: yes size/XS ok-to-test	commented contributor-last recv recv-q reviewed-with-comment
901		fix(deps): update module github.com/google/cel-go to v0.28.1			20h	20h	20h		dco-signoff: yes size/XS ok-to-test dependencies	contributor-last recv recv-q unreviewed
868		feat(annotations): Add annotation-based policy enforcement			5wk	5wk	5wk		dco-signoff: yes size/L	author-last recv recv-q reviewed-with-comment
961		Add duration for the webhook tls certificate			8d	1d	5d		dco-signoff: yes ok-to-test size/S	author-last commented new-commits recv
958		feat: add startupapicheck job to ensure webhook readiness on install			12d	12d	12d		needs-ok-to-test size/XL dco-signoff: no	contributor-last recv recv-q unreviewed
946		feat: add keepCertHistory for automatic CA cert retention on rotation			2wk	15d	2wk		dco-signoff: yes needs-ok-to-test size/XXL	recv recv-q reviewed-with-comment
948		release: publish trust-manager.crds.yaml as a GitHub Release artifact			18d	18d	18d		dco-signoff: yes size/M needs-ok-to-test	contributor-last recv recv-q unreviewed
900		chart: add startupapicheck to ensure trust-manager is ready after install			2mo	2mo	2mo		dco-signoff: yes needs-ok-to-test size/XL	contributor-last recv recv-q unreviewed
683		feat: Add a very basic pre-commit configuration			9mo	2mo	8mo		dco-signoff: yes size/XS lifecycle/stale	commented contributor-last new-commits
968		fix(deps): update kubernetes go patches to v0.36.1 Similar: #788: fix(deps): update kubernetes go deps (open) Similar: #153: fix(deps): update kubernetes go deps (open) Similar: #118: fix(deps): update kubernetes go deps to v0.36.1 (open)			16h	16h	16h		dco-signoff: yes size/M ok-to-test dependencies skip-review	contributor-last recv recv-q similar unreviewed
188		Remove SetCertificateRequestConditionError		3	1y	2mo	2mo		dco-signoff: yes size/XXL	commented member-last new-commits
642		fix: allow disabling PKCS12 without password			2d	2d	2d		dco-signoff: yes size/M needs-ok-to-test	contributor-last recv recv-q unreviewed
510		fix(deps): update module sigs.k8s.io/controller-runtime to v0.24.1			22h	22h	22h		dco-signoff: yes size/XS ok-to-test dependencies skip-review	contributor-last recv recv-q unreviewed
477		Mark SAN extension critical in SPIFFE CSRs for RFC 5280 and AWS PCA compliance			2mo	6d	6wk		dco-signoff: yes size/M ok-to-test	author-last commented recv recv-q unreviewed
148		limit-namespaces for namespace-scope deployments			1y	5wk	1y		dco-signoff: no size/S needs-ok-to-test	contributor-last recv recv-q unreviewed
303		feat: add support for setting private key encoding Similar: #8585: feat: support ECC keys for ACME account private keys (open)			5mo	4mo	5mo		dco-signoff: yes size/L needs-ok-to-test	recv recv-q reviewed-with-comment similar
211		Fix: concurrent NodePublishVolume calls could mount volume without certificates			11d	11d	11d		dco-signoff: yes size/L needs-ok-to-test	contributor-last recv recv-q unreviewed
71		Refactor filesystem.go and adapt tests to use a real file system			1y	10mo	10mo		dco-signoff: yes size/L	commented member-last reviewed-with-comment
153		fix(deps): update kubernetes go deps Similar: #968: fix(deps): update kubernetes go patches to v0.36.1 (open) Similar: #118: fix(deps): update kubernetes go deps to v0.36.1 (open)			2wk	16h	2wk		dco-signoff: yes size/L dependencies ok-to-test	contributor-last recv recv-q similar unreviewed
158		chore(deps): update docker.io/golang:1.26 docker digest to 633d23b Similar: #296: chore(deps): update docker.io/library/golang:1.26-alpine docker digest to 91eda97 (open) Similar: #295: chore(deps): update gcr.io/cloud-builders/git docker digest to d561ea8 (open)			5d	12h	5d		dco-signoff: yes size/XS dependencies ok-to-test	contributor-last recv recv-q similar unreviewed
70		chore(deps): update terraform google to v7.32.0 Similar: #609: chore(deps): update tools (open)			7wk	20h	7wk		dco-signoff: yes size/XS dependencies ok-to-test	contributor-last recv recv-q similar unreviewed
69		Add KubeCon infrastructure			7wk	4wk			dco-signoff: yes size/L	contributor-last recv-q unreviewed
1169		Update k8s-infra-prow images, k8s-staging-test-infra images, cert-manager-infra-images images as needed			3wk	22h	3wk		dco-signoff: yes size/M	contributor-last recv recv-q unreviewed
1174		fix(deps): update module google.golang.org/api to v0.279.0			7d	16h	7d		size/XS dco-signoff: yes ok-to-test dependencies	contributor-last recv recv-q unreviewed
1175		docs: fix typo succesfully -> successfully			2d	2d	2d		size/XS dco-signoff: yes needs-ok-to-test	contributor-last recv recv-q unreviewed
1172		feat(prow): adding 1.36 jobs for testing			2wk	19d	2wk		size/L dco-signoff: yes	contributor-last recv recv-q reviewed-with-comment
549		Split (helm) generate-crds target			2mo	2mo	2mo		dco-signoff: yes size/M	commented member-last reviewed-with-comment
55		feat: add test module			2y	2y	2y		dco-signoff: yes size/M	commented contributor-last recv reviewed-with-comment
470		feat(helm): adding `helm-diff` target			6mo	5mo	5mo		dco-signoff: yes size/S cybr ok-to-test	commented contributor-last new-commits recv recv-q
69		Add auditing tool for confirming who has access to the cert-manager org			7wk	7wk			dco-signoff: yes size/XL	contributor-last recv-q unreviewed
64		Add imagePullSecrets to template			2y	2y	2y		size/XS dco-signoff: yes needs-ok-to-test	contributor-last recv unreviewed
59		cleanup: remove unused NOTES.txt file			2y	2y	2y		size/XS dco-signoff: yes needs-ok-to-test	contributor-last recv unreviewed
118		fix(deps): update kubernetes go deps to v0.36.1 Similar: #788: fix(deps): update kubernetes go deps (open) Similar: #153: fix(deps): update kubernetes go deps (open) Similar: #968: fix(deps): update kubernetes go patches to v0.36.1 (open)			2wk	16h	2wk		dco-signoff: yes size/L ok-to-test dependencies	contributor-last recv recv-q similar unreviewed
1		Manage the cert-manager GitHub organisation from this repo			2y	2y	2y		dco-signoff: yes size/XXL	commented member-last unreviewed
82		chore(deps): update sigstore/cosign-installer action to v4.1.2			6d	1d	6d		dco-signoff: yes size/XS dependencies ok-to-test	contributor-last recv recv-q unreviewed
13		Various QA fixes			2mo	2mo	2mo		dco-signoff: yes size/L needs-ok-to-test	author-last commented new-commits recv
4		Add support for custom license templates			2y	9mo			dco-signoff: yes size/S	contributor-last recv-q unreviewed
345		chore: add existing securityContext settings to values Similar: #836: Set securityContext and podSecurityContext in values (open)			6mo	6mo	6mo		size/M dco-signoff: yes	contributor-last recv recv-q similar unreviewed
141		re-adding required clusterrole permission			2y	1y	2y		size/XS	author-last recv unreviewed

Unkinded Issues (230)

Resolution: Add a kind/ or triage/support label

Average age: 662.9d, Avg wait: 294.9d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
7895		if certificate is already expired, it shown like a True PR#8529: fix: schedule readiness re-evaluation at certificate expiry time new-commits		2	9mo	3wk	3wk		help wanted priority/important-soon	collaborator-last commented pr-closed pr-new-commits pr-unreviewed send
7699		Adding Helm Unittest to all certmanager projects Similar: #8668: Add helm unit tests for cert-manager chart (closed)			1y	4d	4d		priority/backlog	assigned assignee-updated commented member-last send similar
6799		ACME challenges stopped working after 1.13/1.14 update			2y	2mo	2y		priority/critical-urgent lifecycle/rotten	commented contributor-last recv recv-q
5861		cert manager API showing error - "x509: certificate has expired or is not yet valid" PR#8464: improve dynamic source serving certificate renewal logic unreviewed Similar: #7864: failed to call webhook: certificate has expired or is not yet valid (open)		3	3y	4mo	4mo		good first issue lifecycle/frozen priority/important-longterm	assigned assignee-updated commented contributor-last pr-unreviewed send similar
6179		CRDs shouldn't be templated in Helm		5 2 31	2y	1mo	8mo		priority/backlog lifecycle/stale	commented recv-q send
1262		v1.9 to v1.10 upgrade instructions does not mention container name change			2y	1y	2y		priority/backlog	assigned assignee-updated commented member-last send
1101		Feature request for updating documentation.			3y	2y	2y		priority/backlog	commented member-last send
1194		Confusing paragraph - cert-manager integration.			3y	5wk	2y		documentation priority/important-longterm	commented contributor-last pr-merged send
320		Document how to install cert-manager using gitops and known issues with particular gitops implementations		5	5y	2y	5y		documentation help wanted priority/backlog	commented pr-merged recv-q
2		Set up periodic job to publish an experimental release build			6y	5y			priority/backlog	assigned contributor-last
964		Missing "SSL.com TLS RSA Root CA 2022" in the Default CA bundle			5d	5d	5d			recv
297		Allow all resources to be namespaced		7	2y	1mo	7mo		priority/backlog lifecycle/stale	commented contributor-last send
33		Support CRDs as target		5	3y	4wk	10mo		lifecycle/rotten priority/backlog	commented contributor-last send
45		Unable to mount and read only file error		5	4y	2y	2y		priority/awaiting-more-evidence	commented send
132		Investigate test timeouts			2y	2y			priority/backlog
33		Create e2e test to validate CertificateRequest garbage collection			3y	2y	2y		priority/backlog	assigned commented member-last send
81		Configuring Peribolos for Github org management			7y	2y	2y		priority/backlog	commented member-last send
3		Migrating all cert-manager projects to "Makefile modules"			2y	5mo	10mo		priority/backlog	commented member-last
43		Allow non-Venafi employee maintainers full release capabilities		3	1y	5mo	5mo		priority/backlog	assigned assignee-updated commented member-last
27		failed with: OpenAPI spec does not exist		2 6	5y	2y	2y		priority/critical-urgent	commented pr-closed pr-unreviewed send
500		Feature Request: Support for Failover / Secondary CA Pool in GoogleCASIssuer			6d	6d	6d			recv
209 previously listed items omitted

Unprioritized Recent Issues (264)

Resolution: Add a priority/ or triage/ label

Average age: 467.2d, Avg wait: 230.9d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
8776		When performing DNS challenges, the Describe Domains interface is subject to rate limiting			2d	2d	2d		kind/bug	recv
263 previously listed items omitted

Uncommented Recent Issues (3)

Resolution: Add a comment

Average age: 4.9d, Avg wait: 4.9d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
3 previously listed items omitted: #8776 #964 #500

New, has multiple reactions, but not important-soon: No matching items

New, has multiple commenters, but not important-soon: No matching items

needs information, has update (1)

Resolution: Comment and remove triage/needs-information tag

Average age: 226.1d, Avg wait: 222.3d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
8121		Support for Creating CertificateRequest from Kubernetes Secret Similar: #8378: Support `PodCertificateRequest` (open) Similar: #7829: Support to auto delete Certificaterequest (open) Similar: #204: Support for creating certificate for wildcard route (open)			7mo	12d	7mo		kind/feature lifecycle/stale triage/needs-information	contributor-last recv recv-q similar

Unprioritized issues older than 7 days (261)

Resolution: Add a priority/ or triage/ label

Average age: 472.5d, Avg wait: 233.5d

Uncommented older than 7 days (158)

Resolution: Add a priority/ or triage/ label

Average age: 551.3d, Avg wait: 501.5d

Important soon, but no updates in 90 days (15)

Resolution: Downgrade to important-longterm

Average age: 1318.2d, Avg wait: 98.5d

Important longterm, but no updates in 180 days (21)

Resolution: Downgrade to backlog

Average age: 1501.6d, Avg wait: 269.2d

Pull Requests: Review Ready (83)

Resolution: Review requests or mark them as do-not-merge/work-in-progress

Average age: 160.0d, Avg wait: 96.7d

Unkinded Issues (230)

Resolution: Add a kind/ or triage/support label

Average age: 662.9d, Avg wait: 294.9d

Unprioritized Recent Issues (264)

Resolution: Add a priority/ or triage/ label

Average age: 467.2d, Avg wait: 230.9d

Uncommented Recent Issues (3)

Resolution: Add a comment

Average age: 4.9d, Avg wait: 4.9d

needs information, has update (1)

Resolution: Comment and remove triage/needs-information tag

Average age: 226.1d, Avg wait: 222.3d

Recently updated issue has a question (3)

Resolution: Add an answer

Average age: 335.5d, Avg wait: 177.1d