
I've been pretty happy with kube-lego, which manages thousands of certificates for me. I'm now migrating to cert-manager, its successor, but in my test deployment, I noticed that when cert-manager saw an existing certificate with 33 days left until expiration, it replaced it with a new one even though it didn't really need to.

I'm worried that when I flip the switch from kube-lego to cert-manager, cert-manager will flood Let's Encrypt with thousands of certificate requests all at once. I'd prefer if cert-manager used the existing certificates, previously managed by kube-lego, until each certificate gets closer to its expiration date because it will space out the certificate requests more evenly.

Is it possible to tell cert-manager to use the existing certificates and not request new certificates?

Jesse Shieh
  • check this question: https://stackoverflow.com/questions/57903159/cert-manager-certificate-renewal-process-how-it-is-performed – Ahmad Faiyaz Feb 19 '20 at 22:12
  • The certificates have 90 days of validity and `certbot renew` automatically renews all certificates with less than 30 days of validity. You can find a workaround here: https://community.letsencrypt.org/t/renewal-within-10-days/52039 – Will R.O.F. Feb 20 '20 at 14:10
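
An added example, not part of the original question or its comments: one way to estimate, from the existing certificates' expiry dates, how many requests would land on the cutover day and on each following day. The renewal window, the per-day budget and the inventory are constructed assumptions, not values taken from cert-manager or Let's Encrypt.

```python
from collections import Counter
from datetime import date, timedelta


def renewal_schedule(expiries, renew_before_days, today):
    """Map each date to the number of certificates that would be requested then.

    A certificate is requested on the first day it has renew_before_days or
    fewer days left; anything already inside that window lands on `today`.
    """
    schedule = Counter()
    for not_after in expiries:
        due = not_after - timedelta(days=renew_before_days)
        schedule[max(due, today)] += 1
    return dict(sorted(schedule.items()))


def cutover_burst(expiries, renew_before_days, today):
    """Number of certificates that would be requested on the cutover day."""
    return renewal_schedule(expiries, renew_before_days, today).get(today, 0)


def over_budget(expiries, renew_before_days, today, max_per_day):
    """Days on which requests exceed a chosen budget (max_per_day is hypothetical)."""
    schedule = renewal_schedule(expiries, renew_before_days, today)
    return {day: n for day, n in schedule.items() if n > max_per_day}


# Constructed inventory: 9 certificates expiring 5, 15, ... 85 days after cutover.
TODAY = date(2020, 2, 20)
EXPIRIES = [TODAY + timedelta(days=d) for d in range(5, 90, 10)]

if __name__ == "__main__":
    for window in (30, 60):  # assumed renewal windows, in days before expiry
        burst = cutover_burst(EXPIRIES, window, TODAY)
        print(f"window={window}d: {burst} of {len(EXPIRIES)} requested at cutover")
        for day, n in renewal_schedule(EXPIRIES, window, TODAY).items():
            print(f"  {day}: {n}")
```

In practice the expiry dates would come from the `notAfter` field of each certificate stored in the cluster's TLS secrets.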
