You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hello, I have cert-manager 1.8.2 installed on a AKS 1.27 cluster. I'm using an external issuer to automate the certificates lifecycle.
We add the issuer annotations (name, group, kind) to the ingresses to generate their certificate. However when we change the issuer-group this change is not propagated to the associated certificate resource. I'm wondering if this is a known bug present in this version of cert-manager to consider upgrading.
(edit)
One more question. When I deleted the certificate I was expecting that it was recreated by cert-manager, but that didn't happen, is this an expected behavior?
Let me know if you need any additional details. Thanks
The text was updated successfully, but these errors were encountered:
Hello @jlunaq, awesome to see you using cert-manager.
However when we change the issuer-group this change is not propagated to the associated certificate resource.
It is difficult with annotations. So you edit the Ingress annotations, but the Certificate is not reissued?
I believe re-issuance is only done if you change the certificate spec itself, not the Issuer being used.
So if the cert is valid, changing the issuer would have no effect. But I don't have a reference for this... it's just a hunch.
Could you also try adding. a new annotation that would change the cert, so for example: cert-manager.io/private-key-size: 4096 (assuming you are using RSA keys).
When I deleted the certificate I was expecting that it was recreated by cert-manager, but that didn't happen, is this an expected behaviour?
Cert-manager won't restore a Certificate resource. But do you mean a Certificate that was generated from the annotations on your Ingress resource?
Hello, I have cert-manager 1.8.2 installed on a AKS 1.27 cluster. I'm using an external issuer to automate the certificates lifecycle.
We add the issuer annotations (name, group, kind) to the ingresses to generate their certificate. However when we change the issuer-group this change is not propagated to the associated certificate resource. I'm wondering if this is a known bug present in this version of cert-manager to consider upgrading.
(edit)
One more question. When I deleted the certificate I was expecting that it was recreated by cert-manager, but that didn't happen, is this an expected behavior?
Let me know if you need any additional details. Thanks
The text was updated successfully, but these errors were encountered: