Kubernetes cert-manager failed to renew certificates automatically. I received some expiration emails with subjects like:
Let's Encrypt certificate expiration notice for domain 'helloworld.example.com'...
My question is:
Does a Certificate object automatically renew, and how to enable the feature?
If no auto-renewal feature, then how to set an external process to periodically renew before expiration date?
Vague memory told me that cert-manager did auto-renew, but I'm not so sure.
In my environment, the current running cert-manager version is 1.0.4 version, a typical certificate object is defined like:
apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: example-letsencrypt-production namespace: default spec: dnsNames: - helloworld.example.com issuerRef: group: cert-manager.io kind: ClusterIssuer name: letsencrypt-production secretName: helloworld-production