About 2-3 years ago we installed Kubernetes by hand and we are using kube-lego 0.1.3 (jetstack/kube-lego). Our question is, will these automatically renewed SSL certificates still be valid? Can we continue to use this system?
We ask because we have received a mail for our other environment which uses the Cert-Manager and these certificates will no longer be used.
Hello @JuergenAuer
That's the mail (Let’s Encrypt Team):
We’ve been working with Jetstack, the authors of cert-manager, on a series of fixes to the client. Cert-manager sometimes falls into a traffic pattern where it sends really excessive traffic to Let’s Encrypt’s servers, continuously. To mitigate this, we plan to start blocking all traffic from cert-manager versions less than 0.8.0 (the current semver minor release), as of November 1, 2019. Please upgrade all of your cert-manager instances before then.
We’re sending this email because this is the contact address of your cert-manager instance at:
xxx.xxx.xxx.xxx
Version 0.8.0 is much better but we still observe excessive traffic in some cases. We’re working with Jetstack to improve these cases. As new versions of cert-manager are released, we will add the non-current versions to our block list after 3 months. We strongly encourage cert-manager users to stay up-to-date with new versions.
Also, there is an opportunity to help both Jetstack and Let’s Encrypt.
Once you’ve upgraded, please check the logs for your cert-manager instances from time to time. Are they making excessive requests to Let’s Encrypt (more than, say, 10 per day over multiple days)? If so, please share details at https://github.com/jetstack/cert-manager/issues/1948 .