I received an email regarding the impeding block of the jetstack-cert-manager/v0.2 client. Makes sense, I will gt that upgraded.
What is the timeline for blocking? The email just says “We plan to block all API requests from this version shortly”.
Thanks,
Ross
what was in the mail? doesn’t it have any date in it?
Nope, it just says "shortly":
Hello,
Action is required to prevent your Let's Encrypt certificate renewals from
breaking.You have been using the jetstack-cert-manager/v0.2 client to access the Let's
Encrypt API in the past 60 days, from the IP address a.b.c.d .This version of jetstack-cert-manager is very aggressive about retrying its
requests, and has been sending our API many requests per second that it will
never complete successfully. We plan to block all API requests from this
version shortly.We've worked with Jetstack to release an update. Please update to the latest
version of cert-manager, which will reduce the amount of traffic you are
sending to Let's Encrypt. Without an update, your certificate renewals will
break and existing certificates will start to expire.If you need help, please search our forum to see if your question has been
answered, then open a new thread if it has not:
https://community.letsencrypt.org/
Hi @rvandegrift! Welcome to the community!
We’re preparing to roll-out a block for these old clients before the end of this week.
Thanks @ezekiel - if possible, more notice would’ve been nice. We got lucky and just made this week’s change control meeting, but could’ve easily missed it with such short notice.
Thanks for the feedback, @rvandegrift! We generally try to provide more advance notice. In this case we had to act fast because all the extant v0.2 clients hit their bug at once, causing a massive increase in traffic for us.
Also, I’d encourage you to keep your cert-manager up-to-date per our Integration Guide.
Thanks for the quick fix, and apologies for the short notice!
Hi
Is it only v0.2 being blocked? I see the rancher-charts catalogue only has up to 0.5.2 in, so I am upgrading all to that version.
Will that be sufficient?
Welcome @kingjulianza,
At this time, only versions like v0.2.* are affecting us in such a way that it prompts a block.
Thank you all for valuable feedback and clarifications in this discussion!
I've just verified that this change has made it into the Production environment.
Hi,
We had this email as well and began making the update. Just to add to the feedback already given, it would have been really good to get a better idea of the issue in the email, or even a link to a forum post / bug ticket with more details. We were quite in the dark about when the update was taking place, we of course would want to fix it anyway but it’s tough to know if this is a “lets work late to fix this immedietely” or if this is a “we have 2-3 days to get this working right”.
I ended up posting on the jetstack/cert-manager github repo but couldn’t get any more information. I’ve now linked to this article on that issue but it would have been great to include some more information in the original email.
Our of curiosity, what caused this issue to suddenly arise? We’ve been running cert-manager 0.2 since it was the latest version with no issues. We’ll endevour to keep up to date in the future after this.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.