generic Weekly Triage :: Triage Party

queue to be emptied once a week in a team triage meeting

Important soon, but no updates in 60 days (15)

Resolution: Downgrade to important-longterm

Average age: 1426.7d, Avg wait: 65.4d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
6709		1.14 Release Review		3	2y	2y	2y		lifecycle/frozen priority/important-soon	commented contributor-last send
6331		CSR not signed by referenced private key		10	2y	6mo	2y		lifecycle/frozen kind/bug priority/important-soon	commented contributor-last recv-q send
5751		Wildcard DNS domains and `cnameStrategy: Follow` don't work nicely together PR#8639: fix(dns01): don't follow wildcard CNAMEs for challenge domain unreviewed		2	3y	7mo	3y		lifecycle/frozen kind/bug priority/important-soon	author-last pr-closed pr-unreviewed recv recv-q
5298		Complete the Migration Away From Jetstack Names			3y	2y	2y		lifecycle/frozen kind/cleanup priority/important-soon	commented member-last send
3381		Setup separate package for cert-manager API		5	5y	1y	1y		lifecycle/frozen kind/feature priority/important-soon	assigned assignee-updated commented member-last send
6741		ACME account private key and URI are not updated if the path of the ACME server is changed PR#8631: fix(acme): detect server URL path changes for account re-registration unreviewed		7	2y	6mo	2y		lifecycle/frozen kind/bug priority/important-soon	pr-unreviewed recv
2239		Create a CertificatePreset resource type to allow configurable defaulting		2 4 105	6y	2mo	1y		area/api kind/feature priority/backlog priority/important-soon	commented pr-closed pr-unreviewed send
5867		Controller can't handle hitting request rate limits of zerossl ACME API		7 12 31	3y	1y	2y		lifecycle/frozen kind/bug priority/important-soon	commented pr-closed pr-merged recv-q send
1425		The `issuer.vault.spec.caBundleSecretRef` docs are missing			2y	2y			priority/important-soon
1174		Document the docker images and how to find them PR#2042: docs: list cert-manager container images commented			3y	2mo	3y		good first issue priority/important-soon kind/documentation	commented contributor-last pr-reviewed-with-comment send
955		Document when the vault pki role required setting `require_cn=false`		2	4y	2y			priority/important-soon
195		Document keystores			6y	3y	5y		priority/important-soon kind/documentation	commented contributor-last send
174		Add documentation for CRD conversion webhook ca injection			6y	5y	5y		help wanted priority/important-soon kind/documentation	commented member-last send
802		Spelling errors are unclear in pull request CI results and spell checker is unmaintained			4y	2y			kind/bug priority/important-soon	contributor-last pr-merged
127		cmctl version reports only the old CRD version if I upgrade cert-manager without including the CRDs			2y	2y			priority/important-soon

Important longterm, but no updates in 120 days (25)

Resolution: Downgrade to backlog

Average age: 1489.5d, Avg wait: 238.8d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
7514		Replace some of the webhook functionality with `ValidatingAdmissionPolicy` & CEL			1y	4mo	10mo		kind/feature priority/important-longterm	author-last commented recv
6969		Should upgrade status managed fields from CSA to SSA when ServerSideApply feature gate enabled			2y	2y	2y		lifecycle/frozen kind/bug priority/important-longterm	commented contributor-last send
6820		Ongoing dependency evaluation			2y	2y	2y		lifecycle/frozen priority/important-longterm	contributor-last recv
5959		`ImagePullBackoff` on `cm-acme-http-solver` pod, if using private registries		23	3y	6mo	2y		lifecycle/frozen kind/bug priority/important-longterm	commented contributor-last recv-q send
5861		cert manager API showing error - "x509: certificate has expired or is not yet valid" PR#8464: improve dynamic source serving certificate renewal logic commented Similar: #7864: failed to call webhook: certificate has expired or is not yet valid (open)		3	3y	5mo	6mo		good first issue lifecycle/frozen priority/important-longterm	assigned assignee-updated commented contributor-last pr-reviewed-with-comment send similar
4191		Setting default values for Pod's "resources"?		7	5y	2y	2y		lifecycle/frozen priority/important-longterm	commented contributor-last recv-q send
3521		Integration with ExternalDNS		4 54	5y	9mo	2y		help wanted lifecycle/frozen kind/feature priority/important-longterm	commented recv-q
3103		Adding probes to the cert-manager pods		10	5y	4mo	4mo		good first issue help wanted kind/feature priority/important-longterm area/deploy	commented member-last pr-closed send
2178		Handling 'unregistering' certificates from Venafi TPP		22	6y	2y	2y		lifecycle/frozen kind/feature priority/important-longterm area/venafi	commented member-last send
6051		Detecting Gateway hostnames based on attached HTTPRoutes		7 35	3y	10mo	11mo		lifecycle/frozen kind/feature priority/important-longterm	commented pr-merged send
4685		Unexpected EOF during watch stream event decoding: unexpected EOF -- possibly due to api server upgrades / restarts		12	4y	8mo	8mo		lifecycle/frozen kind/bug priority/important-longterm	commented contributor-last recv
4950		General flakiness of our end-to-end suite		3	4y	2y	3y		lifecycle/frozen priority/important-longterm kind/flake	commented member-last pr-closed pr-merged send
2525		Better support multi-namespace & single-namespace deployments Similar: #7684: Add support for namespaced deployment (open)		29	6y	1y	2y		lifecycle/frozen kind/feature priority/important-longterm area/deploy	commented contributor-last pr-closed send similar
1186		Document that/why we don't use Helm's CRD installation mechanism			3y	2y	2y		good first issue priority/important-longterm kind/documentation	assigned assignee-updated commented member-last send
223		Document wildcard certificate tutorial			6y	5y	6y		priority/important-longterm kind/documentation	commented contributor-last send
1063		"Securing Ingresses with Venafi" tutorial contains link to missing manifest			3y	2y	3y		priority/important-longterm	author-last pr-merged recv
975		Some pages do not make it clear what the user should read next			4y	2y			priority/important-longterm
850		Document available cert-manager Prometheus metrics			4y	3y	4y		documentation good first issue priority/important-longterm	recv recv-q
401		Bring tutorials up to date			5y	3y	3y		priority/important-longterm	commented member-last send
58		Support injection pem into an existing configmap PR#395: WIP: feat: inject bundle data into configmap unreviewed		8	3y	1y	1y		priority/important-longterm lifecycle/frozen	assigned assignee-updated commented member-last pr-closed pr-merged pr-unreviewed send
129		Increase e2e test timeouts			2y	2y			priority/important-longterm
83		As cmctl user, I want to use different kubectl context on command line ( --context='kubectl-context-abc' )		4	2y	2y	2y		priority/important-longterm	recv
98		Document new release process for all repos			2y	2y			priority/important-longterm	assigned
38		Set repository to be a GitHub template repository			4y	2y	4y		priority/important-longterm	recv
3		Make unit testing easier/make examples work			7y	2y	4y		priority/important-longterm	commented member-last pr-closed send

many reactions, low priority (7)

Resolution: Upgrade to priority-soon, priority-longterm, or longterm-support

Average age: 457.0d, Avg wait: 12.5d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
8611		Move from LetsEncrypt staging endpoint to production endpoint causes loop of the same error		3 2	3mo	2mo	2mo		kind/bug	commented member-last pr-closed send
8493		cloudflare DNS01 - Client.Timeout exceeded while awaiting headers PR#8534: feat: add --dns01-timeout flag to make DNS01 provider API timeout configurable unreviewed PR#8608: fix: reduce happy-eyeballs fallback delay in Cloudflare DNS provider unreviewed		4 11	4mo	2mo	3mo		good first issue help wanted kind/bug	assigned assignee-updated commented pr-unreviewed recv-q send
7890		Cluster issuer for HTTP-01 gatewayHTTPRoute should not require a gateway parentRef		27	10mo	2mo	2mo		kind/feature priority/awaiting-more-evidence area/acme/http01	assigned assignee-updated commented pr-merged send
8373		DNS-PERSIST-01 challenge support (planned for late Q1 2026) Similar: #8530: Allow usage of the new DNS-PERSIST-01 challange for ACME (open)		4 3 3 159	5mo	6wk	5mo		kind/feature	recv recv-q similar
6716		leader election namespace should default to `.Release.Namespace`, not `kube-system` PR#7764: Doc: Add leaderElection.namespace recommendation unreviewed		3 44	2y	3mo	2y		lifecycle/frozen kind/bug triage/not-reproducible	commented pr-closed pr-unreviewed recv-q send
6179		CRDs shouldn't be templated in Helm		5 2 31	3y	12min	9mo		priority/backlog lifecycle/rotten	commented contributor-last recv-q send
7473		Create certificate based on HTTPRoute configuration		63 7 99	2y	2mo	2mo		kind/feature	assigned assignee-updated commented pr-closed pr-merged send

many commenters, low priority (10)

Resolution: Upgrade to priority-soon, priority-longterm, or longterm-support

Average age: 53.2d, Avg wait: 4.7d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
8729		Feature Request: allow to configure max retry backoff duration for failed CertificateRequest			1mo	19d	4wk		kind/feature	assigned assignee-updated commented send
8793		fix: ServerSideApply field loss in certificate-shim and issuing controller			4wk	3d	3d		release-note size/S kind/bug dco-signoff: yes	commented member-last new-commits
8766		feat: add per-solver DNS01 nameserver configuration			5wk	5wk	5wk		release-note size/XL area/api kind/feature area/acme dco-signoff: yes area/acme/dns01 area/deploy	commented contributor-last recv reviewed-with-comment
2101		Document ACME delayed challenge acceptance			4wk	2d	3d		dco-signoff: yes size/M	commented member-last new-commits send
2097		Clarify ACME challenge scheduling behaviour			4wk	4wk	4wk		dco-signoff: yes size/M	commented member-last new-commits
2042		docs: list cert-manager container images			2mo	2mo	2mo		dco-signoff: yes size/S	commented member-last reviewed-with-comment send
918		add bundle metrics		2	2mo	12d	4wk		size/XL ok-to-test dco-signoff: no	author-last commented recv recv-q reviewed-with-comment
477		Mark SAN extension critical in SPIFFE CSRs for RFC 5280 and AWS PCA compliance			3mo	3d	3d		dco-signoff: yes size/M ok-to-test	commented member-last reviewed-with-comment send
501		feat: add secondary CA pool failover support for high availability			5wk	19d	19d		size/XL dco-signoff: yes	changes-requested collaborator-last commented send
486		feat: propagate Kubernetes metadata to Google CAS labels			1mo	6wk	6wk		size/L dco-signoff: yes	collaborator-last commented reviewed-with-comment send

Screaming into the void: No matching items

Needs information for over 2 weeks (4)

Resolution: Close or remove triage/needs-information label

Average age: 688.5d, Avg wait: 63.7d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
8121		Support for Creating CertificateRequest from Kubernetes Secret Similar: #8378: Support `PodCertificateRequest` (open) Similar: #7829: Support to auto delete Certificaterequest (open) Similar: #204: Support for creating certificate for wildcard route (open)			8mo	6wk	8mo		kind/feature lifecycle/stale triage/needs-information	contributor-last recv recv-q similar
7846		ClusterIssuer.Status.Acme.URI disappeared		3	11mo	2mo	9mo		good first issue kind/bug priority/awaiting-more-evidence area/acme triage/needs-information	assigned assignee-updated commented send
7845		ClusterIssuer.cert-manager.io "letsencrypt" is invalid: spec.acme.privateKeySecretRef: Required value...		6	11mo	2mo	9mo		kind/bug priority/awaiting-more-evidence lifecycle/stale area/acme triage/needs-information	commented contributor-last send
15		Allow data-root to be an absolute path PR#71: Refactor filesystem.go and adapt tests to use a real file system commented			5y	3y			kind/bug triage/needs-information	contributor-last pr-reviewed-with-comment

Support request over 30 days old (3)

Resolution: Close, or add to triage/long-term-support

Average age: 1279.9d, Avg wait: 0.0d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
8296		HTTP-01 challenge stuck in pending with status code 400			6mo	5mo	5mo		triage/support	commented member-last send
53		Support crlDistributionPoints & ocspServers Similar: #8767: Add support for CRLDistributionPoints on Certificate resources (open)			4y	4y	4y		triage/support	commented send similar
28		Certificate revocation from CAS Console Similar: #8209: Add revocation at certificate deletion (open)			5y	5y	5y		triage/support	commented member-last send similar

Issues nearing expiration (17)

Resolution: Close or label as frozen

Average age: 802.3d, Avg wait: 175.2d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
7914		Output tls.crt in CA cert to another secret			10mo	4wk	10mo		kind/feature lifecycle/rotten	contributor-last recv
8023		ACME issuer fails when CA includes Name Constraints with x509: unhandled critical extension			9mo	13d	9mo		lifecycle/rotten	commented contributor-last recv recv-q
7747		[suggestion] Add Kustomize install documentation		5 6	1y	2d	1y		kind/feature lifecycle/rotten	commented contributor-last recv recv-q
7829		Support to auto delete Certificaterequest Similar: #8121: Support for Creating CertificateRequest from Kubernetes Secret (open) Similar: #8378: Support `PodCertificateRequest` (open) Similar: #7821: Request to support AWS ACM Exportable certificates (open)			11mo	2mo	11mo		kind/feature lifecycle/rotten	commented contributor-last send similar
5048		certificate not renewed for ingress with multiple hosts and http01-edit-in-place		4	4y	2mo	4y		kind/bug priority/backlog lifecycle/rotten	commented recv recv-q
7422		Please provide standalone helm chart for CRDs		20	2y	9d	2y		kind/feature lifecycle/rotten	contributor-last recv
6224		Option to store certificate history in individual secrets		2	2y	2d	9mo		kind/feature lifecycle/rotten	commented contributor-last recv-q send
6179		CRDs shouldn't be templated in Helm		5 2 31	3y	12min	9mo		priority/backlog lifecycle/rotten	commented contributor-last recv-q send
3706		renewal-hooks		4 3 22	5y	12d	12d		kind/feature priority/important-longterm lifecycle/rotten	author-last commented recv recv-q
7684		Add support for namespaced deployment Similar: #2525: Better support multi-namespace & single-namespace deployments (open)			1y	2mo	1y		kind/feature lifecycle/rotten	contributor-last pr-merged recv recv-q similar
7764		Doc: Add leaderElection.namespace recommendation			1y	1d	9mo		size/XS release-note-none lifecycle/rotten dco-signoff: yes ok-to-test area/deploy needs-kind	commented contributor-last recv-q send unreviewed
7662		Fix the issue of webhook routes generating duplicate operation IDs			1y	2mo	1y		do-not-merge/release-note-label-needed needs-ok-to-test size/M area/acme lifecycle/rotten dco-signoff: yes needs-kind	contributor-last recv recv-q unreviewed
650		Pod goes out of readiness			11mo	2mo	11mo		lifecycle/rotten	contributor-last recv
222		[Feature] - Ability to inject a CA cert into a cert-manager managed secret resource		16	2y	12d	9mo		lifecycle/rotten	commented contributor-last pr-merged send
33		Support CRDs as target		5	4y	2mo	11mo		lifecycle/rotten priority/backlog	commented contributor-last send
4		Feature: By default, require only self-signed certificates in a bundle			4y	2mo	11mo		kind/feature help wanted good first issue lifecycle/rotten	commented contributor-last send
683		feat: Add a very basic pre-commit configuration			10mo	3wk	10mo		dco-signoff: yes size/XS lifecycle/rotten	commented contributor-last new-commits

Pull requests: Approved and getting old (2)

Resolution:

Average age: 221.5d, Avg wait: 0.0d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
7689		Add Vertical Pod Autoscaler		2	1y	3mo	3mo		size/L release-note approved kind/feature dco-signoff: yes ok-to-test area/deploy	assigned assignee-updated changes-requested collaborator-last commented send
625		Add cache validation			17d	14d	17d		dco-signoff: yes approved size/L	commented member-last reviewed-with-comment send

Pull Requests: Stale (138)

Resolution: Add comment and/or close PR

Average age: 399.1d, Avg wait: 113.0d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
8722		fix(dns): propagate caBundle to acmeDNS solver, add per-solver override			2mo	5d	2mo		do-not-merge/release-note-label-needed area/api kind/bug kind/feature needs-ok-to-test size/XXL area/acme dco-signoff: yes area/acme/dns01 area/deploy	recv recv-q unreviewed
8734		Fix: include annotations derived from ingress in certificate reconciliation loop			1mo	8d	3wk		size/L do-not-merge/release-note-label-needed kind/bug needs-ok-to-test dco-signoff: yes	author-last commented new-commits recv
8809		scheduler: allow ACME challenges in parallel by ingress class/provider Similar: #8736: scheduler: allow parallel challenges with different HTTP01 ingress classes or DNS01 providers (open) Similar: #8648: fix: for ACME challenge scheduler, allow parallel challenges with dif… (open)			3wk	10d	3wk		size/L release-note kind/feature needs-ok-to-test area/acme dco-signoff: yes	author-last recv recv-q reviewed-with-comment similar
8485		Adds Sign API call metric for the Vault issuer.			4mo	16d	4mo		size/L release-note needs-rebase kind/feature needs-ok-to-test dco-signoff: yes area/monitoring	contributor-last recv recv-q unreviewed
8712		feat(metrics): add Vault Sign() request duration instrumentation			2mo	16d	2mo		size/L do-not-merge/release-note-label-needed needs-rebase needs-ok-to-test dco-signoff: yes area/monitoring needs-kind	contributor-last recv recv-q unreviewed
8457		feat(acme): add support for ECDSA account key algorithm in ACME issuers Similar: #8585: feat: support ECC keys for ACME account private keys (open)		2	4mo	3wk	6wk		release-note size/XL area/api kind/feature area/acme dco-signoff: yes area/testing ok-to-test area/deploy	commented new-commits send similar
8786		fix(vault): support cross-signed intermediate CAs			4wk	3wk	4wk		do-not-merge/release-note-label-needed kind/bug needs-ok-to-test size/M dco-signoff: yes	recv recv-q unreviewed
8803		Bound DNS-over-HTTPS response read with io.LimitReader			3wk	3wk	3wk		size/XS release-note kind/bug area/acme dco-signoff: yes ok-to-test area/acme/dns01	commented member-last send unreviewed
8574		feat(design): proposed ari design			3mo	4wk	2mo		size/L release-note-none kind/design dco-signoff: yes	commented reviewed-with-comment
8697		fix: retry ACME challenge on timeout, closes #8696			2mo	4wk	2mo		release-note needs-rebase size/S kind/bug needs-ok-to-test area/acme dco-signoff: yes	contributor-last recv recv-q reviewed-with-comment
8585		feat: support ECC keys for ACME account private keys Similar: #8457: feat(acme): add support for ECDSA account key algorithm in ACME issuers (open) Similar: #303: feat: add support for setting private key encoding (open)			3mo	6wk	3mo		size/L do-not-merge/release-note-label-needed needs-rebase needs-ok-to-test area/acme dco-signoff: yes needs-kind	commented contributor-last recv-q send similar unreviewed
8687		Normalize challenge reason in certmanager_certificate_challenge_status metric			2mo	6wk	2mo		size/L release-note-none needs-ok-to-test dco-signoff: yes needs-kind	author-last recv recv-q reviewed-with-comment
8187		fix: add case for parsing key with ec parameters			8mo	6wk	8mo		size/XS release-note-none kind/bug needs-ok-to-test lifecycle/stale dco-signoff: yes	changes-requested contributor-last recv recv-q
8534		feat: add --dns01-timeout flag to make DNS01 provider API timeout configurable			3mo	7wk	3mo		release-note area/api needs-ok-to-test size/M area/acme dco-signoff: yes area/acme/dns01 needs-kind	contributor-last recv recv-q unreviewed
7583		Support for ACME servers that don't finalize within the ACME client finalizer retry window			1y	7wk	2mo		release-note kind/bug needs-ok-to-test size/M area/acme dco-signoff: yes	approved commented recv-q send
8736		scheduler: allow parallel challenges with different HTTP01 ingress classes or DNS01 providers Similar: #8809: scheduler: allow ACME challenges in parallel by ingress class/provider (open)			1mo	1mo	1mo		size/L release-note kind/bug needs-ok-to-test area/acme dco-signoff: yes area/testing	contributor-last recv recv-q similar unreviewed
8529		fix: schedule readiness re-evaluation at certificate expiry time			3mo	1mo	1mo		size/L release-note kind/bug dco-signoff: yes ok-to-test	collaborator-last commented new-commits send
8718		fix: apply ingressTemplate annotations to edit-in-place ingresses			2mo	1mo	2mo		do-not-merge/release-note-label-needed needs-ok-to-test size/M area/acme dco-signoff: yes area/acme/http01 needs-kind	contributor-last recv recv-q unreviewed
8336		Add global.tolerations to helm chart			6mo	1mo	4mo		release-note needs-rebase kind/feature needs-ok-to-test size/M dco-signoff: yes area/deploy	changes-requested commented recv-q send
8698		fix(digitalocean): resolve DNS01 zones from managed domains			2mo	2mo	2mo		size/L release-note kind/bug needs-ok-to-test area/acme dco-signoff: yes area/acme/dns01	collaborator-last commented send unreviewed
8141		fix(helm): Align targetPorts in metrics endpoints for webhook and cainjector services		2	8mo	2mo	8mo		size/XS release-note-none lgtm lifecycle/stale dco-signoff: yes ok-to-test area/deploy needs-kind	commented contributor-last send unreviewed
8648		fix: for ACME challenge scheduler, allow parallel challenges with dif… Similar: #8809: scheduler: allow ACME challenges in parallel by ingress class/provider (open)			2mo	2mo	2mo		release-note kind/bug needs-ok-to-test size/M area/acme dco-signoff: yes	assigned assignee-updated contributor-last recv recv-q similar unreviewed
8637		fix(helm): roll deployments on config changes (checksum)			2mo	2mo	2mo		do-not-merge/release-note-label-needed kind/feature needs-ok-to-test size/M dco-signoff: yes area/deploy	changes-requested collaborator-last commented send
8639		fix(dns01): don't follow wildcard CNAMEs for challenge domain			2mo	2mo	2mo		size/L do-not-merge/release-note-label-needed kind/bug needs-ok-to-test area/acme dco-signoff: yes area/acme/dns01	contributor-last recv recv-q unreviewed
8624		feat: add autoAnnotations support for Gateway-API			2mo	2mo	2mo		size/XS release-note do-not-merge/work-in-progress kind/feature needs-ok-to-test dco-signoff: yes	collaborator-last commented draft send unreviewed
5743		Add MaxPathLen and add EncodeBasicConstraintsInRequest option to Certificate and CertificateRequest resources			3y	2mo	2mo		size/L release-note area/api kind/cleanup dco-signoff: yes area/testing ok-to-test area/deploy	commented member-last reviewed-with-comment
8631		fix(acme): detect server URL path changes for account re-registration			2mo	2mo	2mo		size/L do-not-merge/release-note-label-needed area/api kind/bug needs-ok-to-test area/acme dco-signoff: yes area/testing area/deploy	contributor-last recv recv-q unreviewed
8630		fix(vault): detect mismatched key from issue endpoint and fail permanently			2mo	2mo	2mo		size/L do-not-merge/release-note-label-needed needs-ok-to-test dco-signoff: yes needs-kind	contributor-last recv recv-q unreviewed
8608		fix: reduce happy-eyeballs fallback delay in Cloudflare DNS provider			3mo	3mo	3mo		size/L release-note needs-rebase kind/bug needs-ok-to-test area/acme dco-signoff: yes area/testing area/acme/dns01	contributor-last recv recv-q unreviewed
8594		Fix typo "commonname" in PreferredChain field comment			3mo	3mo	3mo		release-note-none size/S area/api kind/cleanup needs-ok-to-test dco-signoff: yes area/deploy	contributor-last recv recv-q unreviewed
8395		Clarify code around DNS01 Self Check			5mo	3mo	3mo		release-note-none kind/cleanup size/M area/acme dco-signoff: yes ok-to-test area/acme/dns01	author-last commented recv recv-q reviewed-with-comment
8527		[WIP]:AddS ML-DSA-65 post-quantum signature algorithm support			3mo	3mo	3mo		do-not-merge/release-note-label-needed size/XL needs-rebase area/api do-not-merge/work-in-progress kind/feature needs-ok-to-test dco-signoff: yes area/testing area/deploy	contributor-last recv recv-q unreviewed
8480		Add Subject Key Identifier (SKI) to issued certificates		3	4mo	3mo	4mo		size/L release-note kind/feature dco-signoff: yes area/testing ok-to-test	author-last commented new-commits recv
7886		Improve array field characteristics in API			10mo	4mo	4mo		size/L release-note area/api do-not-merge/hold kind/bug kind/cleanup dco-signoff: yes area/deploy	commented member-last new-commits
8504		WIP: Enable KAL			4mo	4mo			release-note-none do-not-merge/work-in-progress size/M dco-signoff: yes needs-kind	contributor-last recv-q unreviewed
8253		refactor(issuer): add shared factory and per-instance registries			7mo	4mo	4mo		size/L release-note-none lgtm kind/cleanup dco-signoff: yes ok-to-test	commented member-last reviewed-with-comment send
8438		POC: single cert-manager binary			4mo	4mo			release-note-none do-not-merge/work-in-progress kind/feature size/XXL dco-signoff: no	contributor-last draft recv-q unreviewed
8367		feat(helm) add startupProbe and readinessProbe to cert-manager-controller			5mo	5mo	5mo		release-note-none kind/feature needs-ok-to-test size/M dco-signoff: yes area/deploy	commented contributor-last recv recv-q unreviewed
7450		Make ACME Authorization Timeout Configurable Similar: #7852: adds cli option configure ACME challange authorization timeout (open)			2y	5mo	2y		size/L release-note needs-rebase area/api needs-ok-to-test area/acme dco-signoff: yes area/acme/http01 area/deploy needs-kind	commented contributor-last new-commits recv recv-q similar
8071		Handle ACME Accept asynchronously			9mo	5mo	9mo		size/L release-note needs-rebase area/api needs-ok-to-test area/acme dco-signoff: yes area/testing area/deploy needs-kind	contributor-last recv recv-q unreviewed
8262		Bugfix #7388 kid missing issue with Infisical ACME server or any other ACME that requires EAB			6mo	5mo	6mo		size/L release-note needs-ok-to-test area/acme dco-signoff: yes needs-kind	author-last commented recv unreviewed
8674		Allow specifying secret namespaces for CAIssuers			2mo	2mo	2mo		size/L do-not-merge/release-note-label-needed area/api needs-ok-to-test dco-signoff: yes needs-kind	contributor-last recv recv-q unreviewed
2092		docs: add infomaniak third party provider			5wk	5wk	5wk		size/XS dco-signoff: yes	recv recv-q unreviewed
1202		Add section about client cert authentication for vault			3y	7wk	3y		dco-signoff: yes do-not-merge/work-in-progress size/M	commented contributor-last draft new-commits send
1197		doc about new option default-cleanup-policy			3y	7wk	9mo		approved dco-signoff: yes needs-rebase size/M	commented member-last new-commits send
2062		Deploy `cert-manager` on Google Kubernetes Engine Tutorial - remove `google domains`			2mo	2mo	2mo		dco-signoff: no size/XS do-not-merge/work-in-progress	draft recv recv-q unreviewed
2041		docs: link HTTP01 guide to network policy requirements			2mo	2mo	2mo		dco-signoff: yes size/M	recv recv-q unreviewed
2020		docs: add ENISA NIS2 reference to best practice intro			2mo	2mo	2mo		dco-signoff: yes size/M	recv recv-q unreviewed
1785		WIP: Add release-notes generator script and update release docs			8mo	2mo	2mo		dco-signoff: yes size/XXL needs-rebase do-not-merge/work-in-progress	commented member-last reviewed-with-comment send
2023		Adds troubleshooting guide for host missmatch error			2mo	2mo	2mo		size/XS dco-signoff: yes	recv recv-q unreviewed
1607		Document Log Level settings. Document DNS01 delegation using multiple providers.			2y	3mo	2y		dco-signoff: yes needs-rebase size/M	contributor-last recv recv-q unreviewed
1213		Draft of tutorial for Google's Public CA			3y	3mo	3y		dco-signoff: yes size/L needs-rebase ok-to-test	commented contributor-last reviewed-with-comment send
859		Move the meetings and slack information to a separate page			4y	3mo	4y		approved dco-signoff: yes needs-rebase size/M	changes-requested commented member-last send
1686		docs: harmonize `<p>` formatting by dropping internal spaces			1y	3mo	1y		size/XS dco-signoff: yes	assigned changes-requested contributor-last recv recv-q
1640		Update issuer.md			1y	3mo	9mo		size/XS dco-signoff: yes	commented member-last reviewed-with-comment send
948		add note to ingress class definition			4y	3mo	3y		dco-signoff: no size/XS needs-rebase needs-ok-to-test	assigned commented contributor-last send unreviewed
1569		wip: update cert-manager logo svg			2y	3mo	1y		dco-signoff: yes size/L do-not-merge/work-in-progress	commented member-last send unreviewed
1075		Move Issuer / ClusterIssuer and Certificate resource content to a sub-folder of configuration/			3y	3mo	2y		approved dco-signoff: yes size/L needs-rebase	changes-requested commented member-last send
1364		WIP: Patch release checklist			2y	3mo			dco-signoff: yes needs-rebase do-not-merge/work-in-progress size/M	contributor-last recv-q unreviewed
1787		Update Slack links to include both invite and direct channel URLs			8mo	3mo	8mo		size/XS dco-signoff: yes cybr	changes-requested commented member-last send
1447		Explain how to install cert-manager using ArgoCD		3	2y	3mo	2y		dco-signoff: yes size/L	commented contributor-last recv-q reviewed-with-comment send
1909		docs: add ACK RRSA supported AliDNS webhook			5mo	3mo	4mo		size/XS dco-signoff: yes	author-last commented new-commits recv
1672		WIP: docs: Add an wrap-up announcement page			1y	3mo	1y		dco-signoff: yes do-not-merge/work-in-progress size/M	commented draft member-last new-commits send
1724		DRAFT: feat(tutorials): Add Gateway API			11mo	3mo	4mo		dco-signoff: yes size/L do-not-merge/work-in-progress	author-last commented draft recv unreviewed
1611		Update webhook troubleshooting documentation to including necessary curl command.			2y	3mo	2y		dco-signoff: yes size/S	changes-requested contributor-last recv recv-q
1587		Custom Certificate Support for cert-manager Webhook Endpoint			2y	3mo	2y		dco-signoff: yes size/S	recv recv-q unreviewed
1450		Docker testing and validation			2y	3mo	2y		dco-signoff: yes needs-rebase size/M	contributor-last new-commits recv recv-q
1602		acme troubleshooting: how to fix errored challenges			2y	3mo	2y		size/XS dco-signoff: yes	contributor-last recv recv-q reviewed-with-comment
1419		fix: TLSConfig secretName description			2y	3mo	2y		dco-signoff: yes needs-rebase size/S	changes-requested commented contributor-last recv-q send
790		Update route53.md			4y	3mo	2y		dco-signoff: no size/XS needs-rebase needs-ok-to-test	changes-requested commented member-last send
528		Update "Setting Nameservers for DNS01 Self Check" example			5y	4y	5y		size/XS dco-signoff: yes needs-rebase needs-ok-to-test	contributor-last recv unreviewed
290		Add OCI signing as part of existing publish pipeline			1mo	6d			dco-signoff: yes size/L needs-rebase	contributor-last recv-q reviewed-with-comment
36		Add the "cmrel update-release-branch" command			5y	4y	5y		dco-signoff: yes approved size/M needs-rebase do-not-merge/work-in-progress	commented contributor-last draft unreviewed
43		No more requirement "be in the release folder" to run cmrel, remove the flag --cloudbuild			4y	4y			dco-signoff: yes approved size/M needs-rebase	contributor-last unreviewed
637		Fix/chartadditional annotations for cli args			8mo	17d	8mo		dco-signoff: yes size/XS ok-to-test	commented contributor-last recv recv-q reviewed-with-comment
728		Deprioritize resync operations			4mo	17d	3mo		dco-signoff: yes size/S ok-to-test needs-rebase	commented contributor-last recv recv-q reviewed-with-comment
787		Apply APIServer TLS security profile to cert-manager deployments			7wk	2wk	7wk		dco-signoff: yes size/L	recv recv-q reviewed-with-comment
768		Add unit tests for pkg/tls Provider			2mo	6wk	2mo		dco-signoff: yes size/L needs-ok-to-test	author-last recv recv-q unreviewed
769		Fix HasIssuerConfig to use RLock instead of Lock			2mo	6wk	2mo		dco-signoff: yes size/XS needs-ok-to-test	author-last recv recv-q unreviewed
868		feat(annotations): Add annotation-based policy enforcement			2mo	2mo	2mo		dco-signoff: yes size/L	author-last recv recv-q reviewed-with-comment
875		Fix Store() to detect duplicate approver names within a single call			2mo	12d	6wk		dco-signoff: yes size/S ok-to-test	commented contributor-last new-commits recv
628		Grant cert-manager RBAC to use all policies by default			1y	7mo	7mo		dco-signoff: yes size/M	commented contributor-last recv-q send unreviewed
921		Add explicit unit tests for v1alpha1 Bundle conversion			2mo	12d	2mo		dco-signoff: yes size/XL ok-to-test	commented contributor-last new-commits recv-q send
946		feat: add keepCertHistory for automatic CA cert retention on rotation			7wk	14d	7wk		dco-signoff: yes needs-ok-to-test size/XXL	recv recv-q reviewed-with-comment
948		release: publish trust-manager.crds.yaml as a GitHub Release artifact			7wk	3wk	4wk		dco-signoff: yes size/M needs-ok-to-test needs-rebase	commented contributor-last recv-q send unreviewed
836		Set securityContext and podSecurityContext in values Similar: #345: chore: add existing securityContext settings to values (open)			5mo	16d	16d		dco-signoff: yes size/L ok-to-test	commented member-last reviewed-with-comment send similar
762		Add support for injecting CA from secret for trust manager Webhook			8mo	4wk	4mo		dco-signoff: yes needs-ok-to-test size/S needs-rebase	commented contributor-last recv-q reviewed-with-comment send
900		chart: add startupapicheck to ensure trust-manager is ready after install			3mo	3mo	3mo		dco-signoff: yes needs-ok-to-test size/XL	contributor-last recv recv-q unreviewed
558		feat(helm-chart): add ability to set pod level security context			1y	3mo	10mo		dco-signoff: yes ok-to-test size/S	commented recv-q send unreviewed
395		WIP: feat: inject bundle data into configmap			2y	4mo	4mo		dco-signoff: yes size/L do-not-merge/work-in-progress	commented member-last unreviewed
702		User-facing migration to ClusterBundle			9mo	6wk	2mo		dco-signoff: yes do-not-merge/hold size/XXL	commented contributor-last reviewed-with-comment
654		Add design for trust source plugins			11mo	5mo	11mo		dco-signoff: yes size/M do-not-merge/work-in-progress	commented draft reviewed-with-comment send
188		Remove SetCertificateRequestConditionError		3	2y	3mo	3mo		dco-signoff: yes size/XXL	commented member-last new-commits
324		[VC-35742] Handle canceled context to prevent extra retries			9mo	9mo	9mo		dco-signoff: yes size/S do-not-merge/work-in-progress needs-ok-to-test	commented draft member-last send unreviewed
24		Add conformance tests			3y	2y	3y		dco-signoff: yes size/XXL approved needs-rebase	assigned commented contributor-last reviewed-with-comment
186		Remove GetIssuerTypeIdentifier from Issuer API			2y	11mo			dco-signoff: yes needs-rebase size/L	contributor-last recv-q unreviewed
642		fix: allow disabling PKCS12 without password			5wk	4wk	4wk		dco-signoff: yes size/M ok-to-test	commented member-last reviewed-with-comment send
502		Enable csi-lib metrics			7mo	3mo	3mo		dco-signoff: yes size/S needs-rebase ok-to-test	commented member-last reviewed-with-comment send
251		PoC: Generate SPIFFE identities in csi-driver			2y	2y	2y		dco-signoff: yes size/S do-not-merge/work-in-progress needs-rebase	commented contributor-last draft recv-q unreviewed
129		Add attribute support for certificate subject			3y	2y	2y		dco-signoff: yes size/L needs-rebase ok-to-test	commented contributor-last reviewed-with-comment send
135		Added options to all containers			3y	2y	3y		dco-signoff: yes size/L needs-rebase ok-to-test	commented contributor-last send unreviewed
650		NodePublishSecretRef			3wk	3wk	3wk		size/L dco-signoff: no needs-rebase needs-ok-to-test	contributor-last recv recv-q unreviewed
107		Remove csi-driver-spiffe approver			2y	2y			size/XXL dco-signoff: no do-not-merge/work-in-progress needs-rebase	contributor-last draft unreviewed
148		limit-namespaces for namespace-scope deployments			1y	2mo	1y		dco-signoff: no size/S needs-ok-to-test	contributor-last recv recv-q unreviewed
303		feat: add support for setting private key encoding Similar: #8585: feat: support ECC keys for ACME account private keys (open)			6mo	5mo	6mo		dco-signoff: yes size/L needs-ok-to-test	recv recv-q reviewed-with-comment similar
117		fill spec.tls.caCertificate in route with intermediate ca certificate…			2y	1y	2y		dco-signoff: yes size/M needs-rebase ok-to-test	commented contributor-last new-commits recv-q send
223		NodePublishSecretRef			3wk	3wk	3wk		dco-signoff: no size/L needs-ok-to-test	contributor-last recv recv-q unreviewed
211		Fix: concurrent NodePublishVolume calls could mount volume without certificates			6wk	6wk	6wk		dco-signoff: yes size/L needs-ok-to-test	contributor-last recv recv-q unreviewed
71		Refactor filesystem.go and adapt tests to use a real file system			2y	11mo	11mo		dco-signoff: yes size/L	commented member-last reviewed-with-comment
1160		config: exempt Copilot-authored PRs from DCO requirement in Tide			3mo	2mo	2mo		dco-signoff: no size/S do-not-merge/work-in-progress needs-ok-to-test	commented draft member-last send unreviewed
1114		Add the 'cybr' label			8mo	8mo	8mo		size/XS dco-signoff: yes	commented member-last reviewed-with-comment send
549		Split (helm) generate-crds target			4mo	4mo	4mo		dco-signoff: yes size/M	commented member-last reviewed-with-comment
541		Add Kube API linter			4mo	4mo	4mo		dco-signoff: yes size/M needs-rebase	commented contributor-last recv-q reviewed-with-comment send
293		Add Helm chart image baking Similar: #104: Add Chart image baking (open)			1y	9mo			dco-signoff: yes size/S needs-rebase	contributor-last recv-q similar unreviewed
470		feat(helm): adding `helm-diff` target			7mo	6mo	6mo		dco-signoff: yes size/S cybr ok-to-test	commented contributor-last new-commits recv recv-q
55		feat: add test module			2y	2y	2y		dco-signoff: yes size/M	commented contributor-last recv reviewed-with-comment
104		Add Chart image baking Similar: #293: Add Helm chart image baking (open)			1y	9mo	9mo		dco-signoff: yes size/L needs-rebase	commented member-last reviewed-with-comment send similar
69		Add auditing tool for confirming who has access to the cert-manager org			2mo	2mo			dco-signoff: yes size/XL	contributor-last recv-q unreviewed
11		Governance: folks meaningfully contributing to the biweekly can become GitHub Members			2y	7mo			do-not-merge/work-in-progress dco-signoff: yes size/S	draft reviewed-with-comment
64		Add imagePullSecrets to template			2y	2y	2y		size/XS dco-signoff: yes needs-ok-to-test	contributor-last recv unreviewed
59		cleanup: remove unused NOTES.txt file			2y	2y	2y		size/XS dco-signoff: yes needs-ok-to-test	contributor-last recv unreviewed
1		Manage the cert-manager GitHub organisation from this repo			2y	2y	2y		dco-signoff: yes size/XXL	commented member-last unreviewed
13		Various QA fixes			4mo	4mo	4mo		dco-signoff: yes size/L needs-ok-to-test	author-last commented new-commits recv
4		Add support for custom license templates			2y	10mo			dco-signoff: yes size/S	contributor-last recv-q unreviewed
8		Optionally output a unified diff			6mo	5wk	4mo		dco-signoff: yes needs-rebase size/XL needs-ok-to-test	commented contributor-last recv recv-q unreviewed
143		feat: allow creating or reusing an existing sa			2y	6wk	2y		needs-rebase ok-to-test	contributor-last recv recv-q unreviewed
159		Split certificate chain			2y	2mo	1y		needs-rebase	commented contributor-last recv-q reviewed-with-comment send
345		chore: add existing securityContext settings to values Similar: #836: Set securityContext and podSecurityContext in values (open)			8mo	8mo	8mo		size/M dco-signoff: yes	contributor-last recv recv-q similar unreviewed
141		re-adding required clusterrole permission			2y	1y	2y		size/XS	author-last recv unreviewed
9 previously listed items omitted: #8766 #7662 #7689 #2097 #2042 #918 #683 #501 #486

Overdue answers for a question (47)

Resolution: Add a comment

Average age: 1116.6d, Avg wait: 613.9d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
8776		When performing DNS challenges, the Describe Domains interface is subject to rate limiting			5wk	14d	5wk		kind/bug	recv recv-q
8522		Support pulling additional fields from secret when using external account binding		2	3mo	3mo	3mo		kind/feature	recv recv-q
8251		Top-level ticket: ListenerSet		8	7mo	7wk	3mo		cybr	commented pr-merged recv-q send
8094		HTTP-01 challenge returns 502 with App Gateway (works with NGINX ingress controller)			8mo	4mo	8mo			recv recv-q
7766		Certificate: Let me specify the concatenation order for CombinedPEM output format			1y	3mo	1y		kind/feature	author-last recv recv-q
7751		Custom key usage extensions			1y	3mo	4mo		kind/feature	commented recv recv-q
7561		Feature Request RFC: Push notifications from cert-manager to <other service> when certificates are issued			1y	5wk	7mo		kind/feature	author-last commented recv recv-q
6010		Support the ACME Renewal Information (ARI) extension PR#8574: feat(design): proposed ari design commented		2 20	3y	2mo	1y		kind/feature	commented pr-reviewed-with-comment recv recv-q
5917		Waiting for DNS-01 challenge propagation: DNS record for mydomain.com not yet propagated		43	3y	2mo	3y		kind/bug priority/important-longterm	assigned assignee-updated recv recv-q
5864		Certmgr allows creating certificates expiring after ca expiration.		4 33	3y	8mo	1y		lifecycle/frozen kind/bug cybr	commented pr-closed recv-q send
2930		Mirror to gcr.io or dockerhub		2 29	6y	13d	2y		lifecycle/frozen kind/feature priority/important-soon area/deploy	assigned assignee-updated commented recv-q send
2820		Add ability to set `pathlen:0` for CA certs in `X509v3 Basic Constraints`			6y	2mo	2mo		area/api good first issue kind/feature priority/important-longterm	assigned assignee-updated commented pr-closed pr-merged recv-q send
944		Document how to install cert-manager in a different namespace		4	4y	2y	4y		good first issue	recv recv-q
354		DigitalOcean access-token should not be base64-encoded			5y	5y	5y		priority/awaiting-more-evidence	author-last recv recv-q
320		Document how to install cert-manager using gitops and known issues with particular gitops implementations		5	5y	2y	5y		documentation help wanted priority/backlog	commented pr-merged recv-q
197		Document ACME account mismatch PR#2023: Adds troubleshooting guide for host missmatch error unreviewed			6y	1y	6y		good first issue priority/backlog kind/documentation	pr-unreviewed recv recv-q
137		Documentation on rotating the root certificate		3	4y	1y	4y			recv recv-q
130		Document best-practices for minimal vault role configuration for istio-csr			4y	2y	4y			recv recv-q
287		Getting Readiness probe failed when using cert-manager-istio-csr Similar: #84: csr readiness probe failed, istio ingress pod also failed (open)			2y	2y	2y			author-last recv recv-q similar
84		csr readiness probe failed, istio ingress pod also failed Similar: #287: Getting Readiness probe failed when using cert-manager-istio-csr (open)		2	4y	2y	4y		support	recv recv-q similar
431		istio-csr pod healthz check fails for long time in v0.11.0 and v0.12.0			2y	2y	2y			recv recv-q
113		Integrating with istio helm chart installs		15	4y	2y	4y			recv recv-q
176		certificateDuration is not used for the Istio CSR generated certificate requests			3y	10mo	3y			pr-closed recv recv-q
869		[Feature Request] Support Annotations in Approval Policies PR#868: feat(annotations): Add annotation-based policy enforcement commented			2mo	2mo	2mo			author-last commented pr-reviewed-with-comment recv recv-q
560		Support rotated certificate sources PR#946: feat: add keepCertHistory for automatic CA cert retention on rotation commented Similar: #8378: Support `PodCertificateRequest` (open)		39	1y	5mo	1y			commented pr-reviewed-with-comment recv recv-q similar
142		expose bundles CRD as release artifact PR#948: release: publish trust-manager.crds.yaml as a GitHub Release artifact unreviewed		2 12	3y	2mo	10mo		help wanted lifecycle/stale	author-last commented pr-unreviewed recv recv-q
301		Add support for kubectl installation Similar: #197: Kubectl One-line Installation Support (open)			2y	1y	2y		lifecycle/frozen	author-last commented open-milestone recv recv-q similar
60		overriding trusted namespace		10 18	3y	3mo	1y			commented recv-q send
583		Security Posture improvements			3mo	5wk	3mo			recv recv-q
171		E2E Test Cleanup			2y	14d	2y		good first issue	commented recv-q
130		JKS support		6	3y	2y	3y			recv recv-q
17		ability to specify pod IP in volume attributes		8	6y	2y	6y			commented recv recv-q
58		certificate cannot be renewed, error message: "key does not match certificate"		4	2y	2y	2y			recv recv-q
22		Customize the deployment of cert-manager installed via OLM		5 6	5y	2y	4y			commented recv recv-q
17		Operator prevents passing extraArgs helm value		7	5y	3y	5y			recv recv-q
74		Consistency issues due to the use of mount binds			2y	5wk	2y			commented recv recv-q
487		Helm chart `image` named template conflicts with cert-manager 1.20.x		2	7wk	5wk	7wk			commented pr-closed recv-q send
148		Certificate chain is not split correctly PR#159: Split certificate chain commented		5	2y	2y	2y			author-last pr-reviewed-with-comment recv recv-q
9 previously listed items omitted: #8493 #6716 #8373 #5751 #3706 #3521 #5048 #5867 #850

Updated support requests (133)

Resolution: Move out of support, or add a comment

Average age: 635.8d, Avg wait: 520.5d

ID	Au	Desc	As	Rea	Cr	Up	Re	Cmntrs	Labels	Tags
8863		Your project is now listed on CodeGuilds			6d	6d	6d			recv
8847		Certificate Stuck In Failed Renewal State Similar: #5716: Certificate renewal fails during DNS challenge with Route53 (closed)			10d	10d	10d		kind/bug	recv similar
8835		Make signatureAlgorithm configurable			16d	16d	16d		kind/feature	recv
8848		CertificateOwnsSecret panics with index out of range [0] when Certificate is deleted during namespace teardown			10d	10d	10d			recv
8763		Minimize cert-manager and trust-manager Controller Privileges			6wk	6wk	6wk		kind/feature	recv
8853		Gateway-derived Certificate includes hostnames already covered by wildcard listener, causing ACME Order failure			8d	8d	8d		kind/bug	recv
8754		Test Flake: TestDynamicAuthorityMulti: authority_test.go:175: Timeout waiting for rotation			6wk	6wk	6wk		kind/flake	recv
8702		202 Accepted Response - Certificate Request failed - Unexpected status code on TPP Certificate Request.			2mo	2mo	2mo			recv
8745		helm verify fails due to filename containing a 'v' prefix on the version in the provenance file			7wk	6wk	7wk		kind/bug	author-last recv
8586		Misconfiguration caused hammering of DigitalOcean API PR#8698: fix(digitalocean): resolve DNS01 zones from managed domains unreviewed			3mo	3mo	3mo		kind/bug	pr-unreviewed recv
8530		Allow usage of the new DNS-PERSIST-01 challange for ACME Similar: #8373: DNS-PERSIST-01 challenge support (planned for late Q1 2026) (open)		19	3mo	3mo	3mo		kind/feature	recv similar
8512		ArtifactHub install command causes Helm fallback warning due to missing v prefix			3mo	4wk	3mo			recv
8572		Solver ingressTemplate annotations are not applied to existing Ingress resources when acme.cert-manager.io/http01-edit-in-place: 'true' is set PR#8718: fix: apply ingressTemplate annotations to edit-in-place ingresses unreviewed Similar: #1715: The ingress annotation `cert-manager.io/secret-template` is not documented (open)			3mo	3mo	3mo		kind/bug	author-last pr-closed pr-unreviewed recv similar
8481		FYI: cert-manager-webhook-libdns			4mo	4mo	4mo			recv
8458		Vault approle configuration			4mo	4mo	4mo		kind/feature	recv
8479		Subject Key Identifier (SKI) missing on issued certificates by self-signed CA PR#8480: Add Subject Key Identifier (SKI) to issued certificates new-commits			4mo	4mo	4mo		kind/feature	pr-new-commits recv
8402		ZeroSSL issues all certs with the same hour (yyyy-mm-ddT15:59:59Z)			5mo	2mo	2mo		kind/feature priority/important-longterm	author-last commented recv
8372		HTTP-01 challenge: support stateless http-01 challenge			5mo	5mo	5mo		kind/feature	recv
8235		Cert-manager support for Issuer-managed keys			7mo	13d	7mo		kind/feature lifecycle/stale	commented recv
8209		Add revocation at certificate deletion Similar: #28: Certificate revocation from CAS Console (open)		3	7mo	13d	7mo		kind/feature	author-last recv similar
8688		Your MCP server earned an A security grade on Loaditout			2mo	2mo	2mo			recv
7834		Provide race condition mitigation support			11mo	5mo	11mo		kind/feature	author-last recv
7788		Be able to default `acme.cert-manager.io/http01-edit-in-place: "true"` behavior in deployment/chart values		5	1y	16d	6mo		kind/feature	author-last commented recv
7531		punycode issue			1y	6wk	1y			author-last recv
8756		cert-manager: SSRF via `Issuer.spec.vault.server`			6wk	6wk	6wk			recv
6662		support overriding of ttl in cloudflare		2	2y	7d	2y		kind/feature priority/backlog	author-last commented recv
8679		Allow managing SSH-CA			2mo	2mo	2mo		kind/feature	recv
5540		Changelog annotations to chart			3y	4mo	3y		kind/feature priority/backlog	author-last recv
3992		Add non-CRD yaml file		5	5y	4wk	2y		priority/important-soon area/deploy	author-last commented recv
2105		Confusing reference to latest release in previous release notes			3wk	3wk	3wk			recv
2061		Tutorial: `cert-manager` on Google Kubernetes Engine - Remove Google Domains PR#2062: Deploy `cert-manager` on Google Kubernetes Engine Tutorial - remove `google domains` unreviewed			2mo	2mo	2mo			author-last pr-unreviewed recv
1806		Tutorial depends on no longer available image of kuard		4	8mo	8mo	8mo			recv
1926		Change the Cert Manager Webhook DNS01 of Hetzner Cloud			4mo	4mo	4mo			author-last pr-closed recv
1643		Let's Encrypt Ending Support for Notification Emails			1y	10mo	1y			recv
1625		Configuration issue potentially leading to a memory leak			1y	1y	1y			recv
1935		add third party cert-manager-webhook-infomaniak			4mo	4mo	4mo			recv
1596		Wrong key for cloudflare secret ref in DNS Validation tutorial page			2y	2y	2y			recv
1585		Broken install instructions due wrong cert_manager_latest_version - v1.16.1			2y	2y	2y			recv
1490		GKE tutorial falsely claims it's possible to create LE certificate without domain (only IP)			2y	2y	2y			author-last recv
1620		Cert Manager allows the creation of Illegal wilcard SANs			1y	1y	1y			recv
1473		Add ArtifactHub packages to website			2y	2y	2y		priority/backlog	recv
2019		Add ENISA NIS2 reference to best practice intro			2mo	2mo	2mo			recv
1608		Renaming Securing NGINX-ingress to ingress-nginx			2y	2y	2y			recv
1623		Claim about v1beta1/v1alpha2 support for gateway api is misleading			1y	1y	1y			recv
501		Error logs not very helpful		2	1y	1y	1y			recv
244		Populate Subject Fields in Certificate			2y	2y	2y			recv
786		Apply cluster API server TLS security profile to TLS servers (incl. curves / key exchange preferences) PR#787: Apply APIServer TLS security profile to cert-manager deployments commented			7wk	3wk	7wk			pr-reviewed-with-comment recv
466		Document How to Configure Common Scenarios			2y	2y	2y			recv
452		CRDs in the Release files		3	2y	2y	2y			recv
983		Is it possible to read content from the binaryData field of configmaps to generate Bundles?			18d	18d	18d			recv
848		Request for cryptographic mechanisms used in cert-manager-trust-manager			4mo	4mo	4mo			recv
881		Helm install fails when extraObjects contains Bundles			4mo	4mo	4mo			recv
835		Helm Chart cannot set securityContext			5mo	5mo	5mo			recv
742		Add option to disable webhook in Helm chart			9mo	10d	9mo		kind/feature	author-last commented recv
988		bug: ServiceMonitor is matching both services			13d	13d	13d			recv
913		Feature Request: Allow files as a source.			2mo	2mo	2mo			recv
886		Allow creating `ClusterRole` aggregations			4mo	4mo	4mo		kind/feature	recv
613		Support POD_HOSTNAME as a variable			2mo	2mo	2mo			recv
521		RFC: Cert-Manager CSI Driver as Secret Store Provider			6mo	6mo	6mo			recv
267		Does cert-manager-csi-driver support AWS EKS with AWS Fargate nodes?			2y	2y	2y			recv
353		mismatch between the key and the certificate signature algorithm			1y	1y	1y			recv
241		Missing cert-manager.io/revision-history-limit volume attributes for CSI-Driver		6	2y	2y	2y			recv
385		Helm Install of cert-manager-csi-driver Fails on Minikube with /dev/bus/usb Errors			1y	1y	1y			author-last recv
636		Cert fails to issue, but main container starts anyway			6wk	6wk	6wk			recv
383		[Feature Request] Adding attributes that available in Certificate CRD to CSI Driver		6	1y	1y	1y			recv
264		Certificate renewal doesn't change file 'modified date'			2y	2y	2y			recv
204		Support for creating certificate for wildcard route Similar: #8121: Support for Creating CertificateRequest from Kubernetes Secret (open) Similar: #56: Support for destinationCaCertificate / Reencrypt Routes (open)			11mo	6mo	11mo			recv similar
116		Release static manifests (no helm) for v0.6.0-alpha.0+		2	2y	2y	2y			recv
174		Standby Replicas without lease use lots of CPU			1y	1y	1y			recv
56		Support for destinationCaCertificate / Reencrypt Routes Similar: #8767: Add support for CRLDistributionPoints on Certificate resources (open) Similar: #204: Support for creating certificate for wildcard route (open)		2	2y	2y	2y			recv similar
306		[FEATURE]Enable setting private key encoding via annotation PR#303: feat: add support for setting private key encoding commented			6mo	6mo	6mo		kind/feature	author-last pr-reviewed-with-comment recv
54		Same certificate in path based Routes		4	2y	1y	2y			pr-closed recv
46		Cert-manager operator fails to issue certificates			4y	4y	4y			recv
3		Restrict operator RBAC permissions			6y	2y	6y		priority/backlog	pr-merged recv
63		Is it possible to only create Issuer and remove the CluserIssuer			1y	1y	1y			recv
62		Limit the controller-manager to access secrets only from specific namespace			1y	1y	1y			recv
122		asdf cmctl installer issues		2	2y	2y	2y			author-last commented recv
690		Clean up Presets			4y	2y	4y		priority/backlog	pr-merged recv
594		Document infra image bumps and versioning			4y	2y	4y		priority/backlog	recv
263		helm-tool help should be more helpful			4wk	4wk	4wk			recv
80		How to deal with K8s timelimit in 30s ?			2y	2y	2y			recv
37		Add logging example			4y	2y	4y			pr-closed recv
46		Code reference a pull request to be merged, but the pull request was closed by a robot			3y	4mo	3y			recv
72		readyz and healthz api			2y	2y	2y			recv
81		How to enable leader election in the webhook?			1y	1y	1y			recv
74		Why cert-manager looks for a CNAME record instead of a TXT record?			2y	2y	2y			recv
7		Dependency Dashboard			6mo	5wk	6mo			recv
500		Feature Request: Support for Failover / Secondary CA Pool in GoogleCASIssuer			5wk	5wk	5wk			recv
133		Allow to use a custom Service Account PR#143: feat: allow creating or reusing an existing sa unreviewed		5	2y	2y	2y			pr-unreviewed recv
102		certificate renewal does not work in due to auth issue to privatecaapi end point			3y	2y	3y			recv
361		[Helm] allow `enabled` as key in values schema			7mo	7mo	7mo			recv
162		Issue: Broken config when using commonLabels			2y	2y	2y			recv
485		[Feature Request] Propagate Kubernetes Metadata to Google Cloud CAS Labels PR#486: feat: propagate Kubernetes metadata to Google CAS labels commented			1mo	1mo	1mo			pr-reviewed-with-comment recv
40 previously listed items omitted