generic Quarterly Scrub :: Triage Party

Once every quarter, look for stale issues, reprioritize, and de-duplicate.

Issues nearing expiration (23)

Resolution: Close or label as frozen

Average age: 433.2d, Avg wait: 135.1d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
8086		ACME ClusterIssuer not recovering after Vault restart			7mo	4wk	7mo		kind/bug lifecycle/stale	contributor-last recv
8082		EOF during self check with Pomerium			7mo	4wk	7mo		lifecycle/stale	contributor-last recv
8085		Feature Request: Add annotation to disable automatic certificate renewal Similar: #40: Optional auto rotating/renewing certificates (open)			7mo	11d	7mo		priority/important-longterm lifecycle/stale	contributor-last pr-closed recv similar
8023		ACME issuer fails when CA includes Name Constraints with x509: unhandled critical extension			7mo	6wk	7mo		lifecycle/stale	commented contributor-last recv recv-q
7914		Output tls.crt in CA cert to another secret			8mo	2mo	8mo		kind/feature lifecycle/stale	contributor-last recv
7879		Remove no-op certificate metrics controller			8mo	11d	8mo		kind/feature priority/backlog lifecycle/stale	assigned assignee-updated commented contributor-last
7862		Requesting a certificate from ZeroSSL sometimes takes more than 10 minutes to complete		7	9mo	16d	9mo		kind/bug lifecycle/stale	contributor-last recv
7845		ClusterIssuer.cert-manager.io "letsencrypt" is invalid: spec.acme.privateKeySecretRef: Required value...		6	9mo	3wk	7mo		kind/bug priority/awaiting-more-evidence lifecycle/stale area/acme triage/needs-information	commented contributor-last send
7747		[suggestion] Add Kustomize install documentation		5 6	11mo	5wk	11mo		kind/feature lifecycle/stale	commented contributor-last recv recv-q
8058		Cert-manager fails to import ECDSA private keys generated by openssl PR#8187: fix: add case for parsing key with ec parameters changes-requested			7mo	11d	7mo		kind/bug priority/important-longterm lifecycle/stale	contributor-last pr-changes-requested recv
7422		Please provide standalone helm chart for CRDs		20	1y	6wk	1y		kind/feature lifecycle/stale	contributor-last recv
7598		More fine-grained control of powerful RBAC permission granted via Helm chart		2 5	1y	11d	9mo		kind/feature priority/important-longterm lifecycle/stale	assigned assignee-updated commented contributor-last pr-merged recv-q send
6179		CRDs shouldn't be templated in Helm		5 2 30	2y	4wk	7mo		priority/backlog lifecycle/stale	commented recv-q send
6224		Option to store certificate history in individual secrets		2	2y	5wk	7mo		kind/feature lifecycle/stale	commented contributor-last recv-q send
7764		Doc: Add leaderElection.namespace recommendation			11mo	4wk	7mo		size/XS release-note-none lifecycle/stale dco-signoff: yes ok-to-test area/deploy needs-kind	commented contributor-last recv-q send unreviewed
7399		Add renew window to restrict when certificate renewal can happen			1y	7wk	1y		size/L release-note needs-rebase area/api kind/feature needs-ok-to-test lifecycle/stale dco-signoff: yes area/testing area/deploy	contributor-last recv recv-q unreviewed
8141		fix(helm): Align targetPorts in metrics endpoints for webhook and cainjector services		2	6mo	9d	6mo		size/XS release-note-none lgtm lifecycle/stale dco-signoff: yes ok-to-test area/deploy needs-kind	commented contributor-last send unreviewed
750		Feat: Emit Events on the controller Pod instead of cluster-scoped Bundle			7mo	3wk	6mo		lifecycle/stale	commented contributor-last recv
741		Using an Image Volume to deploy certifiats			7mo	4wk	7mo		lifecycle/stale	commented contributor-last send
297		Allow all resources to be namespaced		7	2y	4wk	7mo		priority/backlog lifecycle/stale	commented contributor-last send
222		[Feature] - Ability to inject a CA cert into a cert-manager managed secret resource		16	2y	6wk	7mo		lifecycle/stale	commented contributor-last pr-merged send
142		expose bundles CRD as release artifact		2 12	2y	4d	8mo		help wanted lifecycle/stale	author-last commented recv recv-q
683		feat: Add a very basic pre-commit configuration			8mo	2mo	8mo		dco-signoff: yes size/XS lifecycle/stale	commented contributor-last new-commits

Features that deserve a follow-up comment (13)

Resolution: Comment or close the issue

Average age: 461.5d, Avg wait: 167.2d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
8372		HTTP-01 challenge: support stateless http-01 challenge			3mo	3mo	3mo		kind/feature	recv
8209		Add revocation at certificate deletion Similar: #28: Certificate revocation from CAS Console (open)		3	5mo	5mo	5mo		kind/feature	recv similar
8121		Support for Creating CertificateRequest from Kubernetes Secret Similar: #8378: Support `PodCertificateRequest` (open) Similar: #7829: Support to auto delete Certificaterequest (open) Similar: #204: Support for creating certificate for wildcard route (open)			6mo	5mo	6mo		kind/feature triage/needs-information	contributor-last recv recv-q similar
8235		Cert-manager support for Issuer-managed keys			5mo	5mo	5mo		kind/feature	author-last commented recv
7561		Feature Request RFC: Push notifications from cert-manager to <other service> when certificates are issued			1y	5mo	5mo		kind/feature	author-last commented recv recv-q
7817		Support `global.nodeSelector` in the Helm chart		2	10mo	6mo	10mo		kind/feature	contributor-last pr-merged recv
6662		support overriding of ttl in cloudflare		2	2y	4mo	2y		kind/feature priority/backlog	author-last commented recv
7311		helm schema validation should validate `featureGates`			2y	3mo	10mo		lifecycle/frozen kind/feature priority/backlog	commented contributor-last recv
7868		Metrics for webhook certificate		3	9mo	5mo	9mo		kind/feature	author-last recv
7834		Provide race condition mitigation support			9mo	3mo	9mo		kind/feature	author-last recv
2478		Allow CA issuer secret rotation		2 71	6y	4mo	1y		kind/feature priority/important-longterm area/ca	commented contributor-last recv
742		Add option to disable webhook in Helm chart			7mo	4mo	7mo		kind/feature	author-last commented recv
306		[FEATURE]Enable setting private key encoding via annotation PR#303: feat: add support for setting private key encoding commented			4mo	4mo	4mo		kind/feature	author-last pr-reviewed-with-comment recv

Features that have not been commented on within 90 days (30)

Resolution: Comment or close the issue

Average age: 945.5d, Avg wait: 72.5d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
8378		Support `PodCertificateRequest` Similar: #8121: Support for Creating CertificateRequest from Kubernetes Secret (open) Similar: #7829: Support to auto delete Certificaterequest (open) Similar: #7821: Request to support AWS ACM Exportable certificates (open) Similar: #560: Support rotated certificate sources (open)			3mo	3mo	3mo		kind/feature	collaborator-last commented send similar
8194		Update e2e Documentation - for the make e2e-setup command			6mo	6mo	6mo		kind/feature	collaborator-last commented send
7821		Request to support AWS ACM Exportable certificates Similar: #8378: Support `PodCertificateRequest` (open) Similar: #7829: Support to auto delete Certificaterequest (open)		56	10mo	4mo	6mo		kind/feature	commented send similar
7788		Be able to default `acme.cert-manager.io/http01-edit-in-place: "true"` behavior in deployment/chart values		4	10mo	4mo	4mo		kind/feature	collaborator-last commented send
7520		ClusterIssuer read caBundle from Secret PR#7521: ClusterIssuer read caBundle from Secret unreviewed		7	1y	4mo	1y		kind/feature	commented pr-unreviewed send
6470		ingress-shim: allow to impersonate ingress-creator instead of using cert-manager serviceaccount		2	2y	2y	2y		lifecycle/frozen kind/feature priority/backlog	commented contributor-last send
6210		Flag to write/sync secrets to a namespace other than the namespace where the Certificate object is created		6	2y	3mo	2y		kind/feature priority/backlog	commented send
6051		Detecting Gateway hostnames based on attached HTTPRoutes Similar: #8442: Gateway-API HTTP-01: HTTPRoute rejected when hostname is an IP address (closed)		7 32	2y	8mo	9mo		lifecycle/frozen kind/feature priority/important-longterm	commented pr-merged send similar
3521		Integration with ExternalDNS		4 52	5y	7mo	1y		help wanted lifecycle/frozen kind/feature priority/important-longterm	commented recv-q
3381		Setup separate package for cert-manager API		5	5y	1y	1y		lifecycle/frozen kind/feature priority/important-soon	assigned assignee-updated commented member-last send
3298		Let's encrypt certificate caching to mitigate rate limits problems		3 5 24	5y	5mo	2y		help wanted kind/feature priority/backlog	commented send
2930		Mirror to gcr.io or dockerhub		2 29	6y	1y	1y		lifecycle/frozen kind/feature priority/important-soon area/deploy	assigned assignee-updated commented contributor-last send
2538		cert-manager does not use ingress.class from Ingress annotated with cert-manager.io/cluster-issuer		74	6y	2y	2y		area/api help wanted lifecycle/frozen kind/feature priority/backlog	commented send
2525		Better support multi-namespace & single-namespace deployments Similar: #7684: Add support for namespaced deployment (open)		27	6y	11mo	2y		lifecycle/frozen kind/feature priority/important-longterm area/deploy	commented contributor-last pr-closed send similar
2178		Handling 'unregistering' certificates from Venafi TPP		22	6y	2y	2y		lifecycle/frozen kind/feature priority/important-longterm area/venafi	commented member-last send
155		Add 'unreleased version' & 'old version' warning banner to non-latest versions of docs			6y	5y	6y		kind/feature priority/backlog	commented contributor-last
154		Publish SBOMs			2y	2y	2y		kind/feature good first issue	commented member-last send
13 previously listed items omitted: #8372 #8235 #8209 #8121 #7868 #7834 #7817 #7561 #7311 #6662 #2478 #742 #306

Bugs that deserve a follow-up comment (18)

Resolution: Comment or close the issue

Average age: 589.3d, Avg wait: 312.3d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
8476		Helm chart defaults leaderElection namespace to kube-system, blocking cert-manager controller and certificate creation			2mo	2mo	2mo		kind/bug	author-last commented recv recv-q
8095		DNS-01 Delegated zone is not following CNAME and creating wrong records		4	7mo	5mo	6mo		kind/bug	author-last commented recv recv-q
7864		failed to call webhook: certificate has expired or is not yet valid Similar: #5861: cert manager API showing error - "x509: certificate has expired or is not yet valid" (open)		2	9mo	3mo	9mo		kind/bug	assigned assignee-updated contributor-last recv recv-q similar
7826		If issuer is incorrect, it is still shown as READY PR#8255: add dns issuer secrets validation before marking it as ready new-commits			10mo	5mo	10mo		kind/bug priority/important-longterm	assigned assignee-updated author-last pr-new-commits recv recv-q
7768		Stuck in a loop with `multiple challenge solver pods found for challenge`			10mo	4mo	10mo		kind/bug	author-last recv
7760		Is the zone responsible for a domain changes, cert-manager will not pick it up			11mo	2mo	11mo		kind/bug lifecycle/rotten	contributor-last recv
7625		Clean install fails to create Issuer		4	1y	2mo	1y		kind/bug lifecycle/rotten	contributor-last recv recv-q
7594		Cloudflare delegated domains returns Found no Zones for domain _acme-challenge.mydomain.com			1y	2mo	1y		kind/bug lifecycle/rotten	contributor-last recv
7522		Non standard "cert-manager.io" used in event "Reason"			1y	5mo	1y		lifecycle/frozen kind/bug	commented contributor-last recv
7486		`"Unhandled Error" err="ingress '...' in work queue no longer exists"` should be handled (clean up dangling `Certificate`)		6	1y	5mo	1y		lifecycle/frozen kind/bug	contributor-last recv recv-q
7438		certificate not updated after enabling SSA			1y	4mo	1y		kind/bug	author-last recv
7388		Kid missing in the new order request PR#8262: Bugfix #7388 kid missing issue with Infisical ACME server or any other ACME that requires EAB unreviewed		2	2y	5mo	2y		kind/bug	pr-unreviewed recv recv-q
7288		Missing UID in webhook challenge request			2y	2mo	2y		kind/bug priority/backlog lifecycle/rotten	contributor-last recv
7234		AWS Route53: Stale/Stuck Challenges should be deleted after a given timeout PR#7897: wip: add retry mechanism for challenge solver whenever we detect unauthorized error commented		4	2y	4mo	2y		kind/bug priority/important-soon	assigned assignee-updated commented contributor-last pr-closed pr-merged pr-reviewed-with-comment recv recv-q
5751		Wildcard DNS domains and `cnameStrategy: Follow` don't work nicely together PR#8639: fix(dns01): don't follow wildcard CNAMEs for challenge domain unreviewed			3y	5mo	3y		lifecycle/frozen kind/bug priority/important-soon	author-last pr-closed pr-unreviewed recv recv-q
4749		rfc2136 seems to not work with deep subdomains			4y	5mo	4y		kind/bug area/acme/dns01	recv recv-q
4685		Unexpected EOF during watch stream event decoding: unexpected EOF -- possibly due to api server upgrades / restarts		12	4y	6mo	6mo		lifecycle/frozen kind/bug priority/important-longterm	commented contributor-last recv
6741		ACME account private key and URI are not updated if the path of the ACME server is changed PR#8631: fix(acme): detect server URL path changes for account re-registration unreviewed		7	2y	4mo	2y		lifecycle/frozen kind/bug priority/important-soon	pr-unreviewed recv

Bugs that have not been commented on within 60 days (29)

Resolution: Comment or close the issue

Average age: 660.0d, Avg wait: 193.8d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
8234		Vault Issuer: certmanager spams thousands of CertificateRequest resources if Issuer is configured to use the Vault issue endpoint rather than the sign endpoint PR#8630: fix(vault): detect mismatched key from issue endpoint and fail permanently unreviewed			5mo	5mo	5mo		kind/bug	commented member-last pr-unreviewed send
8102		cert-manager-startupapicheck erroring while installation		4	6mo	4mo	4mo		kind/bug triage/needs-information	commented member-last send
7828		Cert-manager created multiple CertificateRequests (over 30k) for a valid certificate			9mo	5mo	8mo		kind/bug	commented send
7660		cert-manager produces invalid (per RFC5280) certificates when `cert sign` usage is set along with another usage			1y	2mo	11mo		kind/bug lifecycle/rotten	commented contributor-last send
6969		Should upgrade status managed fields from CSA to SSA when ServerSideApply feature gate enabled			2y	2y	2y		lifecycle/frozen kind/bug priority/important-longterm	commented contributor-last send
6331		CSR not signed by referenced private key		10	2y	4mo	2y		lifecycle/frozen kind/bug priority/important-soon	commented contributor-last recv-q send
5959		`ImagePullBackoff` on `cm-acme-http-solver` pod, if using private registries		23	3y	4mo	2y		lifecycle/frozen kind/bug priority/important-longterm	commented contributor-last recv-q send
6230		DigitalOcean: cert-manager DDoSes DNS-01 solver - infinite rate limiting		6	2y	4mo	5mo		lifecycle/frozen kind/bug priority/critical-urgent area/acme/dns01	commented member-last pr-closed pr-merged send
5864		Certmgr allows creating certificates expiring after ca expiration. PR#7733: fixes #5864: cert-manager CA to issue certs after verify with CA Certs Validity new-commits		4 33	3y	6mo	11mo		lifecycle/frozen kind/bug cybr	commented pr-new-commits recv-q send
5101		No backoff/delay when failing to create challenge solver pods PR#8379: acmechallenges: stabilize solver resource names unreviewed		9	4y	4mo	4mo		kind/bug priority/important-longterm triage/needs-information	commented member-last pr-unreviewed send
5867		Controller can't handle hitting request rate limits of zerossl ACME API		7 12 31	3y	1y	2y		lifecycle/frozen kind/bug priority/important-soon	commented pr-closed pr-merged recv-q send
18 previously listed items omitted: #8476 #8095 #7864 #7826 #7768 #7760 #7625 #7594 #7522 #7486 #7438 #7288 #7234 #6741 #7388 #5751 #4749 #4685

Items that deserve a follow-up comment (95)

Resolution: Comment or close the issue

Average age: 834.4d, Avg wait: 779.2d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
8512		ArtifactHub install command causes Helm fallback warning due to missing v prefix			2mo	2mo	2mo			recv
8481		FYI: cert-manager-webhook-libdns			2mo	2mo	2mo			recv
8094		HTTP-01 challenge returns 502 with App Gateway (works with NGINX ingress controller)			7mo	2mo	7mo			recv recv-q
7895		if certificate is already expired, it shown like a True PR#8529: fix: schedule readiness re-evaluation at certificate expiry time new-commits		2	8mo	3mo	6mo		help wanted priority/important-soon	commented pr-new-commits pr-unreviewed recv
7531		punycode issue			1y	5mo	1y			author-last recv
7492		`UseCertificateRequestBasicConstraints` should probably add `Critical` for `isCA`			1y	5mo	11mo		lifecycle/frozen	commented contributor-last recv
6820		Ongoing dependency evaluation			2y	2y	2y		lifecycle/frozen priority/important-longterm	contributor-last recv
3992		Add non-CRD yaml file		4	5y	5mo	2y		priority/important-soon area/deploy	author-last commented recv
7755		cert-manager-challenges Error presenting challenge: expected array of Record			11mo	2mo	11mo		lifecycle/rotten	contributor-last recv recv-q
7749		Http and PROXY protocol		5	11mo	2mo	11mo		lifecycle/rotten	contributor-last recv
7717		After uninstalling cert-manager, ingress resources can still only be accessed via https			11mo	2mo	11mo		lifecycle/rotten	contributor-last recv
7659		Challenge and resolver pod/ingress killed too soon		2	1y	2mo	1y		lifecycle/rotten	contributor-last recv
1935		add third party cert-manager-webhook-infomaniak			2mo	2mo	2mo			recv
1926		Change the Cert Manager Webhook DNS01 of Hetzner Cloud			2mo	2mo	2mo			author-last pr-closed recv
1806		Tutorial depends on no longer available image of kuard		4	6mo	6mo	6mo			recv
1802		Invalid certificate			6mo	6mo	6mo			recv
1643		Let's Encrypt Ending Support for Notification Emails			1y	8mo	1y			recv
1625		Configuration issue potentially leading to a memory leak			1y	1y	1y			recv
1623		Claim about v1beta1/v1alpha2 support for gateway api is misleading			1y	1y	1y			recv
1620		Cert Manager allows the creation of Illegal wilcard SANs			1y	1y	1y			recv
1608		Renaming Securing NGINX-ingress to ingress-nginx			1y	1y	1y			recv
1596		Wrong key for cloudflare secret ref in DNS Validation tutorial page			1y	1y	1y			recv
1585		Broken install instructions due wrong cert_manager_latest_version - v1.16.1			2y	2y	2y			recv
1549		Brand guideline page			2y	2y	2y		priority/backlog	contributor-last recv
1490		GKE tutorial falsely claims it's possible to create LE certificate without domain (only IP)			2y	2y	2y			author-last recv
1473		Add ArtifactHub packages to website			2y	2y	2y		priority/backlog	recv
944		Document how to install cert-manager in a different namespace		4	4y	2y	4y		good first issue	recv recv-q
850		Document available cert-manager Prometheus metrics			4y	3y	4y		documentation good first issue priority/important-longterm	recv recv-q
484		Please add anchor tags to your subheadings			5y	5y	5y		priority/backlog kind/documentation	commented contributor-last pr-merged recv
354		DigitalOcean access-token should not be base64-encoded			5y	5y	5y		priority/awaiting-more-evidence	author-last recv recv-q
237		docs for ACMEChallengeSolverHTTP01Ingress doesn't specify what `class` values are available			5y	5y	5y		priority/backlog kind/documentation	contributor-last pr-closed recv
197		Document ACME account mismatch PR#2023: Adds troubleshooting guide for host missmatch error unreviewed			6y	1y	6y		good first issue priority/backlog kind/documentation	pr-unreviewed recv recv-q
130		FAQ: How does cert-manager handle ingresses with valid TLS secrets?			6y	5y	6y		help wanted priority/backlog kind/documentation	contributor-last recv
76		Upgrading from v0.10 to v0.11 - missing cainjector annotation			6y	5y	6y		priority/backlog kind/documentation	contributor-last recv
1063		"Securing Ingresses with Venafi" tutorial contains link to missing manifest			3y	2y	3y		priority/important-longterm	author-last pr-merged recv
228		Documentation needs correction for external-account-bindings			5y	1y	5y		good first issue priority/backlog kind/documentation	contributor-last pr-merged recv
501		Error logs not very helpful		2	1y	1y	1y			recv
431		istio-csr pod healthz check fails for long time in v0.11.0 and v0.12.0			1y	1y	1y			recv recv-q
287		Getting Readiness probe failed when using cert-manager-istio-csr Similar: #84: csr readiness probe failed, istio ingress pod also failed (open)			2y	2y	2y			author-last recv recv-q similar
244		Populate Subject Fields in Certificate			2y	2y	2y			recv
84		csr readiness probe failed, istio ingress pod also failed Similar: #287: Getting Readiness probe failed when using cert-manager-istio-csr (open)		2	4y	2y	4y		support	recv recv-q similar
176		certificateDuration is not used for the Istio CSR generated certificate requests			3y	8mo	3y			pr-closed recv recv-q
137		Documentation on rotating the root certificate		2	4y	11mo	4y			recv recv-q
130		Document best-practices for minimal vault role configuration for istio-csr			4y	2y	4y			recv recv-q
113		Integrating with istio helm chart installs		15	4y	2y	4y			recv recv-q
667		Cannot create secret cert-manager-approver-policy-tls Similar: #559: Flakey Tests in pull-cert-manager-approver-policy-test (open)			8mo	8mo	8mo			commented contributor-last recv similar
466		Document How to Configure Common Scenarios			2y	2y	2y			recv
452		CRDs in the Release files		3	2y	2y	2y			recv
881		Helm install fails when extraObjects contains Bundles			2mo	2mo	2mo			recv
848		Request for cryptographic mechanisms used in cert-manager-trust-manager			2mo	2mo	2mo			recv
835		Helm Chart cannot set securityContext			3mo	3mo	3mo			recv
778		Add option to use a specific issuer in the helm chart			6mo	6mo	6mo			recv
761		Feat: Add a namespaced trust bundle CRD alongside the cluster-scoped Bundle			6mo	4mo	6mo			commented contributor-last recv recv-q
560		Support rotated certificate sources Similar: #8378: Support `PodCertificateRequest` (open)		38	1y	3mo	1y			commented recv recv-q similar
301		Add support for kubectl installation Similar: #197: Kubectl One-line Installation Support (open)			2y	1y	2y		lifecycle/frozen	author-last commented open-milestone recv recv-q similar
521		RFC: Cert-Manager CSI Driver as Secret Store Provider			4mo	4mo	4mo			recv
385		Helm Install of cert-manager-csi-driver Fails on Minikube with /dev/bus/usb Errors			1y	1y	1y			author-last recv
383		[Feature Request] Adding attributes that available in Certificate CRD to CSI Driver		6	1y	1y	1y			recv
353		mismatch between the key and the certificate signature algorithm			1y	1y	1y			recv
267		Does cert-manager-csi-driver support AWS EKS with AWS Fargate nodes?			2y	2y	2y			recv
264		Certificate renewal doesn't change file 'modified date'			2y	2y	2y			recv
241		Missing cert-manager.io/revision-history-limit volume attributes for CSI-Driver		6	2y	2y	2y			recv
130		JKS support		6	3y	2y	3y			recv recv-q
17		ability to specify pod IP in volume attributes		8	6y	1y	5y			commented recv recv-q
204		Support for creating certificate for wildcard route Similar: #8121: Support for Creating CertificateRequest from Kubernetes Secret (open) Similar: #56: Support for destinationCaCertificate / Reencrypt Routes (open)			9mo	4mo	9mo			recv similar
174		Standby Replicas without lease use lots of CPU			1y	1y	1y			recv
116		Release static manifests (no helm) for v0.6.0-alpha.0+		2	1y	1y	1y			recv
58		certificate cannot be renewed, error message: "key does not match certificate"		4	2y	2y	2y			recv recv-q
56		Support for destinationCaCertificate / Reencrypt Routes Similar: #204: Support for creating certificate for wildcard route (open)		2	2y	2y	2y			recv similar
54		Same certificate in path based Routes		3	2y	1y	2y			pr-closed recv
46		Cert-manager operator fails to issue certificates			4y	4y	4y			recv
22		Customize the deployment of cert-manager installed via OLM		5 6	5y	2y	3y			commented recv recv-q
17		Operator prevents passing extraArgs helm value		7	5y	3y	5y			recv recv-q
3		Restrict operator RBAC permissions			6y	2y	6y		priority/backlog	pr-merged recv
74		Consistency issues due to the use of mount binds			1y	1y	1y			author-last commented recv recv-q
40		Optional auto rotating/renewing certificates Similar: #8085: Feature Request: Add annotation to disable automatic certificate renewal (open)			3y	2y	3y			contributor-last recv recv-q similar
63		Is it possible to only create Issuer and remove the CluserIssuer			10mo	10mo	10mo			recv
62		Limit the controller-manager to access secrets only from specific namespace			10mo	10mo	10mo			recv
122		asdf cmctl installer issues		2	2y	2y	2y			author-last commented recv
83		As cmctl user, I want to use different kubectl context on command line ( --context='kubectl-context-abc' )		4	2y	2y	2y		priority/important-longterm	recv
690		Clean up Presets			3y	2y	3y		priority/backlog	pr-merged recv
594		Document infra image bumps and versioning			4y	2y	4y		priority/backlog	recv
81		How to enable leader election in the webhook?			1y	1y	1y			recv
80		How to deal with K8s timelimit in 30s ?			1y	1y	1y			recv
74		Why cert-manager looks for a CNAME record instead of a TXT record?			2y	2y	2y			recv
72		readyz and healthz api			2y	2y	2y			recv
46		Code reference a pull request to be merged, but the pull request was closed by a robot			3y	2mo	3y			recv
38		Set repository to be a GitHub template repository			4y	2y	4y		priority/important-longterm	recv
37		Add logging example			4y	2y	4y			pr-closed recv
7		Dependency Dashboard			4mo	2mo	4mo			recv
361		[Helm] allow `enabled` as key in values schema			5mo	5mo	5mo			recv
162		Issue: Broken config when using commonLabels			2y	2y	2y			recv
148		Certificate chain is not split correctly PR#159: Split certificate chain commented		5	2y	2y	2y			author-last pr-reviewed-with-comment recv recv-q
133		Allow to use a custom Service Account PR#143: feat: allow creating or reusing an existing sa unreviewed		5	2y	2y	2y			pr-unreviewed recv
102		certificate renewal does not work in due to auth issue to privatecaapi end point			3y	1y	3y			recv

Items that have not been commented on within 60 days (140)

Resolution: Comment or close the issue

Average age: 987.4d, Avg wait: 505.0d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
8364		Replace Hetzner DNS01 Webhook			3mo	3mo	3mo			collaborator-last commented send
8201		Timeout contacting Cloudflare API during cert-manager DNS-01 challenge			5mo	5mo	5mo			commented send
8183		Add helm diff output to cert-manager PRs			6mo	4mo	5mo			assigned assignee-updated collaborator-last commented send
7822		Tracking: Kubernetes Gateway API follow up tasks		5	10mo	4mo	4mo			commented member-last pr-merged send
7699		Adding Helm Unittest to all certmanager projects Similar: #8668: Add helm unit tests for cert-manager chart (open)			1y	3mo	3mo		priority/backlog	assigned assignee-updated commented member-last send similar
6709		1.14 Release Review		3	2y	2y	2y		lifecycle/frozen priority/important-soon	commented contributor-last send
5861		cert manager API showing error - "x509: certificate has expired or is not yet valid" PR#8464: improve dynamic source serving certificate renewal logic unreviewed Similar: #7864: failed to call webhook: certificate has expired or is not yet valid (open)		3	3y	3mo	4mo		good first issue lifecycle/frozen priority/important-longterm	assigned assignee-updated commented contributor-last pr-unreviewed send similar
4191		Setting default values for Pod's "resources"?		7	4y	2y	2y		lifecycle/frozen priority/important-longterm	commented contributor-last recv-q send
4950		General flakiness of our end-to-end suite		3	4y	2y	3y		lifecycle/frozen priority/important-longterm kind/flake	commented member-last pr-closed pr-merged send
5298		Complete the Migration Away From Jetstack Names			3y	2y	2y		lifecycle/frozen kind/cleanup priority/important-soon	commented member-last send
1546		Self upgrade PRs don't run checks			2y	6mo	2y		cybr	commented member-last
1186		Document that/why we don't use Helm's CRD installation mechanism			3y	2y	2y		good first issue priority/important-longterm kind/documentation	assigned assignee-updated commented member-last send
1101		Feature request for updating documentation.			3y	2y	2y		priority/backlog	commented member-last send
401		Bring tutorials up to date			5y	3y	3y		priority/important-longterm	commented member-last send
320		Document how to install cert-manager using gitops and known issues with particular gitops implementations		5	5y	2y	5y		documentation help wanted priority/backlog	commented pr-merged recv-q
234		Backup and Restore Resources		3	5y	5y	5y		priority/backlog kind/documentation	commented member-last pr-merged send
223		Document wildcard certificate tutorial			6y	5y	6y		priority/important-longterm kind/documentation	commented contributor-last send
195		Document keystores			6y	3y	5y		priority/important-soon kind/documentation	commented contributor-last send
174		Add documentation for CRD conversion webhook ca injection			6y	5y	5y		help wanted priority/important-soon kind/documentation	commented member-last send
414		Explain cert-manager repo structure		2	5y	5y	5y		priority/backlog kind/documentation	assigned assignee-updated commented member-last pr-closed pr-merged send
1262		v1.9 to v1.10 upgrade instructions does not mention container name change			2y	1y	2y		priority/backlog	assigned assignee-updated commented member-last send
697		[IRSA] Needs `runAsUser: 1001`			4y	2y	2y			commented member-last pr-merged send
153		It is possible to have several CAs within the same cluster.		3	4y	1y	2y			commented send
394		Limit number of SANs by policy			2y	2y	2y			commented member-last send
288		Feature: Take control of approval for the whole cluster		2	2y	2y	2y			commented member-last
216		Simplify configuration by creating RBAC by default PR#628: Grant cert-manager RBAC to use all policies by default unreviewed		2	3y	1y	1y		help wanted	commented contributor-last pr-merged pr-unreviewed recv-q send
203		Improve CRD fields for specifying key requirements		3	3y	1y	1y			commented member-last send
169		Webhook Custom CA			3y	11mo	11mo		help wanted	commented contributor-last recv-q send
592		Feature: ClusterTrustBundle as Sources Similar: #591: Feature: ClusterTrustBundle as Target (open)			1y	5mo	5mo			commented member-last send similar
245		Split Bundle controller into multiple controllers			2y	1y	1y		lifecycle/frozen	commented member-last pr-merged send
243		More flexible and better organized target specification in API		5	2y	3mo	5mo		lifecycle/frozen	commented pr-merged
131		Feature: per namespace trust bundle		8	2y	6mo	9mo		lifecycle/frozen	commented send
99		Allow removing Bundles whilst keeping the synced CA certs		5	3y	11mo	11mo		lifecycle/frozen	commented member-last pr-unreviewed
63		nit: Rename "Bundle" to "ClusterBundle"		18	3y	9mo	9mo		lifecycle/frozen	commented member-last open-milestone pr-merged send
39		Don't sync targets to all namespaces by default		8	3y	11mo	11mo		lifecycle/frozen	commented member-last open-milestone pr-merged send
58		Support injection pem into an existing configmap PR#395: WIP: feat: inject bundle data into configmap unreviewed		8	3y	11mo	11mo		priority/important-longterm lifecycle/frozen	assigned assignee-updated commented member-last pr-closed pr-merged pr-unreviewed send
591		Feature: ClusterTrustBundle as Target Similar: #592: Feature: ClusterTrustBundle as Sources (open)		12	1y	5mo	5mo			commented member-last pr-merged send similar
242		New version of Bundle API		2 4	2y	1y	1y		lifecycle/frozen	commented pr-closed pr-merged
204		clarify SetCAOnCertificateRequest deprecation status			1y	10mo	10mo			commented member-last send
171		E2E Test Cleanup			2y	2y	2y		good first issue	commented member-last
45		Unable to mount and read only file error		5	4y	2y	2y		priority/awaiting-more-evidence	commented send
38		Route with cert-manager annotations is not created		4	2y	10mo	2y			commented send
70		OLM deployment with ArgoCD is OutOfSync			3y	3y	3y			commented send
33		Create e2e test to validate CertificateRequest garbage collection			3y	2y	2y		priority/backlog	assigned commented member-last send
56		Struggling to get controller running in local KIND cluster			1y	11mo	11mo			commented member-last send
59		Process regarding worrying emails sent to the maintainers mailing list			7mo	7mo	7mo			commented member-last
81		Configuring Peribolos for Github org management			7y	2y	2y		priority/backlog	commented member-last send
451		Re-enable testing with specific kubernetes versions in subprojects			6mo	6mo	6mo		cybr	commented member-last send
202		Makefile Modules, Go Versions and Vendoring			2y	2y	2y			commented contributor-last
3		Migrating all cert-manager projects to "Makefile modules"			2y	4mo	10mo		priority/backlog	commented member-last
64		Open Standup: Updating an event didn't send new invitations to already registered people			4mo	4mo	4mo			commented member-last send
63		CNCF-paid GitHub Actions runners			5mo	4mo	4mo			commented member-last
60		Lazy vote: Zoom for standup meetings to be able to add the standups to the LFX calendar			5mo	5mo	5mo			commented member-last
43		Allow non-Venafi employee maintainers full release capabilities		3	1y	4mo	4mo		priority/backlog	assigned assignee-updated commented member-last
35		Post-Graduation Suggestion Tracker			2y	2y	2y			commented member-last pr-merged
3		Make unit testing easier/make examples work			7y	2y	4y		priority/important-longterm	commented member-last pr-closed send
27		failed with: OpenAPI spec does not exist		2 6	4y	2y	2y		priority/critical-urgent	commented pr-closed pr-unreviewed send
197		Kubectl One-line Installation Support Similar: #301: Add support for kubectl installation (open)			2y	2y	2y			commented member-last send similar
82 previously listed items omitted