fix: Skip host checks for certs with invalid DNS names

cloudflare / certmgr

Automated certificate management using a CFSSL CA.

BSD 2-Clause "Simplified" License

218 stars 40 forks source link

fix: Skip host checks for certs with invalid DNS names #124

Open juselius opened 3 months ago

juselius commented 3 months ago

Kubernetes system certs have a CN which is not a vaild DNS name (e.g. system:kube-proxy). The hostname check always fails for kubernetes system certs, causing them to be regenerated every 30m, causing trouble.