Open frusdelion opened 7 years ago
To answer the second case, the certificate will only be renewed when (1) the cert does not cover all domains, (2) it is expired or is going to expire sooner than the minimum validity setting.
Certificates provisioned before changing the key types will not trigger a certificate request.
See https://github.com/harborfront/kube-lego/blob/master/pkg/ingress/tls.go
Anything going on with this? The functionality is quite useful.
@frusdelion still have interest in this?
This pull request allows for the generation of both RSA and ECC CSRs, ECC being the new default.
This resolves #144