Does kube-cert-manager handle cert renewals?

[mailtruck]

Let's Encrypt certs expire every 6 months right?

Does kube-cert-manager handle renewals?

P.S. Thank you for this project!

[chenrui333]

Is there anyone can speak on this?

[whereisaaron]

It is every 3 months, and yes systems like kube-cert-manager check and replace certificates that are about to expire.

I'd also recommend also considering the fork of this project, which I think has some improvements of the original project.

https://github.com/PalmStoneGames/kube-cert-manager

And also the new generation of this type of project cert-manager, which based on the experiences gained with older system like kube-lego and kube-cert-manager. It is not simpler, but it is a lot more flexible as a cluster-wide service, supporting namespaced DNS provider credentials for multi-tenant/multi-project clusters, and well as support for multiple DNS providers (at the same time), as well as self-signed issuers, and vault as an issuer. It also supports ACME v2 which enables issuing wildcard certificates.

https://github.com/jetstack/cert-manager

[chenrui333]

Thanks @whereisaaron for so much info.

I am still not quite clear about how kube-cert-manager actually works.
In my case the cert gonna to expire 9/10, do I need to do anything before that?

[whereisaaron]

Not sure about this project, but in the fork I think the default it is renew ~7-10 days before expiry. I monitor and alert if a cert only has 4 days to go.

[chenrui333]

@whereisaaron Where I can find this info, the default it is renew ~7-10 days before expiry, in the fork? Much appreciated!

[whereisaaron]

https://github.com/PalmStoneGames/kube-cert-manager/blob/3ff87fe4b4ce3eb9aec6666c131b3bf41989ebb9/main.go#L83