kelseyhightower / kube-cert-manager

Manage Let's Encrypt certificates for a Kubernetes cluster.
Apache License 2.0

Does kube-cert-manager handle cert renewals? #29

Open mailtruck opened 6 years ago

mailtruck commented 6 years ago

Let's Encrypt certs expire every 6 months, right?

Does kube-cert-manager handle renewals?

P.S. Thank you for this project!

chenrui333 commented 6 years ago

Is there anyone who can speak on this?

whereisaaron commented 6 years ago

It is every 3 months, and yes, systems like kube-cert-manager check and replace certificates that are about to expire.

I'd also recommend considering the fork of this project, which I think has some improvements over the original project.

https://github.com/PalmStoneGames/kube-cert-manager

And also the new generation of this type of project, cert-manager, which is based on the experiences gained with older systems like kube-lego and kube-cert-manager. It is not simpler, but it is a lot more flexible as a cluster-wide service, supporting namespaced DNS provider credentials for multi-tenant/multi-project clusters, as well as support for multiple DNS providers (at the same time), as well as self-signed issuers, and Vault as an issuer. It also supports ACME v2, which enables issuing wildcard certificates.

https://github.com/jetstack/cert-manager

chenrui333 commented 6 years ago

Thanks @whereisaaron for so much info.

I am still not quite clear about how kube-cert-manager actually works. In my case the cert is going to expire 9/10; do I need to do anything before that?

whereisaaron commented 6 years ago

Not sure about this project, but in the fork I think the default is to renew ~7-10 days before expiry. I monitor and alert if a cert only has 4 days to go.

chenrui333 commented 6 years ago

@whereisaaron Where can I find this info, that the default is to renew ~7-10 days before expiry, in the fork? Much appreciated!

whereisaaron commented 6 years ago

https://github.com/PalmStoneGames/kube-cert-manager/blob/3ff87fe4b4ce3eb9aec6666c131b3bf41989ebb9/main.go#L83
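
An added example, not part of the thread and not code from kube-cert-manager or its fork: a Go check of the kind of expiry monitoring mentioned above, classifying a PEM certificate (such as the `tls.crt` value of a TLS Secret) against a renewal window and an alert threshold. `CertStatus`, `SampleCert`, the status strings, and the 7-day and 4-day values passed in `main` are assumptions for illustration; the sample certificates are constructed self-signed ones.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

const day = 24 * time.Hour

// CertStatus classifies the first PEM certificate; renew/alert are time-before-expiry thresholds.
func CertStatus(pemBytes []byte, now time.Time, renew, alert time.Duration) (string, error) {
	block, _ := pem.Decode(pemBytes)
	if block == nil || block.Type != "CERTIFICATE" {
		return "", fmt.Errorf("no CERTIFICATE PEM block found")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return "", err
	}
	switch left := cert.NotAfter.Sub(now); {
	case left <= 0:
		return "EXPIRED", nil
	case left <= alert:
		return "ALERT", nil // automatic renewal should already have happened
	case left <= renew:
		return "RENEWAL_DUE", nil
	}
	return "OK", nil
}

// SampleCert builds a constructed self-signed 90-day cert with `left` remaining at now.
func SampleCert(now time.Time, left time.Duration) []byte {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: now.Add(left - 90*day), NotAfter: now.Add(left)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key) // nil der fails parsing later
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	now := time.Now()
	for _, d := range []time.Duration{60, 6, 3, -1} { // constructed days-left values
		fmt.Println(CertStatus(SampleCert(now, d*day), now, 7*day, 4*day))
	}
}
```

An `ALERT` or `EXPIRED` result means the automatic renewal did not run in its window and the controller's logs need a look.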