Kube-lego certificates

Dear community support

About 2-3 years ago we installed Kubernetes by hand and we are using kube-lego 0.1.3 (jetstack/kube-lego). Our question is, will these automatically renewed SSL certificates still be valid? Can we continue to use this system?

We ask because we have received a mail for our other environment which uses the Cert-Manager and these certificates will no longer be used.

thx, br luca

Hi @pmiag

I don’t understand that:

If you have a working client and if certificates are created, you can use these.

But if the client is buggy (there are some buggy Cert-Manager versions), then you can’t create certificates.

And you need a v2 client. ACME-v1 will stop. Read

Hello @JuergenAuer
That’s the mail (Let’s Encrypt Team):


We’ve been working with Jetstack, the authors of cert-manager, on a series of fixes to the client. Cert-manager sometimes falls into a traffic pattern where it sends really excessive traffic to Let’s Encrypt’s servers, continuously. To mitigate this, we plan to start blocking all traffic from cert-manager versions less than 0.8.0 (the current semver minor release), as of November 1, 2019. Please upgrade all of your cert-manager instances before then.

We’re sending this email because this is the contact address of your cert-manager instance at:

xxx.xxx.xxx.xxx

Version 0.8.0 is much better but we still observe excessive traffic in some cases. We’re working with Jetstack to improve these cases. As new versions of cert-manager are released, we will add the non-current versions to our block list after 3 months. We strongly encourage cert-manager users to stay up-to-date with new versions.

Also, there is an opportunity to help both Jetstack and Let’s Encrypt.
Once you’ve upgraded, please check the logs for your cert-manager instances from time to time. Are they making excessive requests to Let’s Encrypt (more than, say, 10 per day over multiple days)? If so, please share details at https://github.com/jetstack/cert-manager/issues/1948 .

Thanks,
Let’s Encrypt Team

That’s the mail because of the buggy cert-manager version.

That client must be updated.

@JuergenAuer

okay then everything is fine - thanks for replying
