We’ve been working with Jetstack, the authors of cert-manager, on a series of fixes to the client. Cert-manager sometimes falls into a traffic pattern where it sends excessive traffic to Let’s Encrypt’s servers, continuously. To mitigate this, we plan to start blocking all traffic from cert-manager versions less than 0.8.0 (the current semver minor release), as of November 1.
We’ll be sending out notifications to cert-manager clients that meet those criteria over the next two months.
Version 0.8.0 is much better but we still observe excessive traffic in some cases. We’re working with Jetstack to improve these cases. As new versions of cert-manager are released, we will add the non-current versions to our block list after 3 months. We strongly encourage cert-manager users to stay up-to-date with new versions.
Also, if you are a cert-manager user, there is an opportunity to help both Let’s Encrypt and Jetstack. Check the logs for your cert-manager instances. Are they making excessive requests to Let’s Encrypt (more than, say, 10 per day over multiple days)? If so, please share details at https://github.com/jetstack/cert-manager/issues/1948.