Automatically provision and manage TLS certificates in Kubernetes
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.
v1.14.5 fixes a bug in the DigitalOcean DNS-01 provider which could cause incorrect DNS records to be deleted when using a domain with a CNAME. Special thanks to @BobyMCbobs for reporting this issue and testing the fix!
It also patches CVE-2023-45288.
preferredChain is configured: see 1.14 release notes for more information.
v1.13.6 fixes a bug in the DigitalOcean DNS-01 provider which could cause incorrect DNS records to be deleted when using a domain with a CNAME. Special thanks to @BobyMCbobs for reporting this issue and testing the fix!
It also patches CVE-2023-45288.
preferredChain is configured: see 1.14 release notes for more information.
v1.12.10 fixes a bug in the DigitalOcean DNS-01 provider which could cause incorrect DNS records to be deleted when using a domain with a CNAME. Special thanks to @BobyMCbobs for reporting this issue and testing the fix!
It also patches CVE-2023-45288.
ACME Issuer (Let's Encrypt): wrong certificate chain may be used if preferredChain is configured: see release docs for more info and mitigations
If you misconfigure two Certificate resources to have the same target Secret resource, cert-manager will generate MANY CertificateRequests, possibly causing high CPU usage and/or high costs due to the large number of certificates issued (see https://github.com/cert-manager/cert-manager/pull/6406). This problem was resolved in v1.13.2 and other later versions, but the fix cannot be easily backported to v1.12.x. We recommend using v1.12.x with caution (avoid misconfigured Certificate resources) or upgrading to a newer version.
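A check for the misconfiguration described above, added here as an example (not cert-manager's own code): it groups Certificate resources by namespace and spec.secretName and reports every Secret targeted by more than one Certificate. The sample input is constructed in the shape of kubectl get certificates -A -o json output; the function and variable names are this example's own.

```python
import json
import sys
from collections import defaultdict

# Constructed sample, shaped like `kubectl get certificates -A -o json`.
SAMPLE = json.dumps({"items": [
    {"metadata": {"namespace": "web", "name": "site"},
     "spec": {"secretName": "site-tls"}},
    {"metadata": {"namespace": "web", "name": "site-www"},
     "spec": {"secretName": "site-tls"}},   # same Secret as "site": conflict
    {"metadata": {"namespace": "api", "name": "site"},
     "spec": {"secretName": "site-tls"}},   # other namespace: no conflict
    {"metadata": {"namespace": "api", "name": "gateway"},
     "spec": {"secretName": "gw-tls"}},
]})


def find_shared_secrets(cert_list):
    """Map (namespace, secretName) -> sorted Certificate names, for every
    Secret that more than one Certificate in that namespace writes to."""
    owners = defaultdict(list)
    for item in cert_list.get("items", []):
        meta = item.get("metadata", {})
        secret = item.get("spec", {}).get("secretName")
        if not secret:
            continue  # not a usable Certificate spec; nothing to compare
        key = (meta.get("namespace", "default"), secret)
        owners[key].append(meta.get("name", "<unnamed>"))
    return {k: sorted(v) for k, v in owners.items() if len(v) > 1}


def main(argv):
    # With a file argument, read saved kubectl JSON; otherwise use the sample.
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            cert_list = json.load(fh)
    else:
        cert_list = json.loads(SAMPLE)
    conflicts = find_shared_secrets(cert_list)
    for (namespace, secret), names in sorted(conflicts.items()):
        print(f"{namespace}/{secret} is targeted by: {', '.join(names)}")
    return 1 if conflicts else 0  # non-zero exit lets CI fail on a conflict


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Secrets are namespaced, so two Certificates only conflict when both the namespace and the secretName match.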
This is the first alpha release of cert-manager 1.15, which will be released in April or May 2024. The aim of this first alpha is to let people try out using serviceAccountRef with an external Vault. Read the page serviceAccountRef with external Vault to know more.
[!NOTE]
The cmctl and kubectl_cert-manager binaries have been moved to https://github.com/cert-manager/cmctl/releases.
serviceAccountRef with external Vault to know more. (#6718, @andrey-dubnik)
cert-manager-certificaterequests-issuer-venafi/v1.15.0+(linux/amd64)+cert-manager/ef068a59008f6ed919b98a7177921ddc9e297200. (#6865, @wallrj)
preferredChain is configured. (#6755, @import-shiburin)
slices and k8s.io/apimachinery/pkg/util packages.
Removed deprecated CSR functions which have been replaced with other functions in the pkg/util/pki package. (#6730, @inteon)
cmctl and kubectl cert-manager have been moved to the https://github.com/cert-manager/cmctl repo and will be versioned separately starting with cmctl v2.0.0 (#6663, @inteon)
cert-manager.io/allow-direct-injection in annotations (#6801, @jkroepke)
cert-manager 1.14 brings a variety of features, security improvements and bug fixes, including: support for creating X.509 certificates with "Other Name" fields, and support for creating CA certificates with "Name Constraints" and "Authority Information Accessors" extensions.
See Breaking changes in v1.14.0 release notes
cert-manager.io/allow-direct-injection in annotations (#6809, @jetstack-bot)
See Breaking changes in v1.13.0 release notes
cert-manager.io/allow-direct-injection in annotations (#6810, @jetstack-bot)
ACME Issuer (Let's Encrypt): wrong certificate chain may be used if preferredChain is configured: see release docs for more info and mitigations
If you misconfigure two Certificate resources to have the same target Secret resource, cert-manager will generate MANY CertificateRequests, possibly causing high CPU usage and/or high costs due to the large number of certificates issued (see https://github.com/cert-manager/cert-manager/pull/6406). This problem was resolved in v1.13.2 and other later versions, but the fix cannot be easily backported to v1.12.x. We recommend using v1.12.x with caution (avoid misconfigured Certificate resources) or upgrading to a newer version.
See Breaking changes in v1.12.0 release notes
cert-manager.io/allow-direct-injection in annotations (#6811, @jetstack-bot)
cert-manager 1.14 brings a variety of features, security improvements and bug fixes, including: support for creating X.509 certificates with "Other Name" fields, and support for creating CA certificates with "Name Constraints" and "Authority Information Accessors" extensions.
See Breaking changes in v1.14.0 release notes
See Breaking changes in v1.13.0 release notes
github.com/containerd/[email protected] (#6684, @wallrj)
ACME Issuer (Let's Encrypt): wrong certificate chain may be used if preferredChain is configured: see release docs for more info and mitigations
If you misconfigure two Certificate resources to have the same target Secret resource, cert-manager will generate MANY CertificateRequests, possibly causing high CPU usage and/or high costs due to the large number of certificates issued (see https://github.com/cert-manager/cert-manager/pull/6406). This problem was resolved in v1.13.2 and other later versions, but the fix cannot be easily backported to v1.12.x. We recommend using v1.12.x with caution (avoid misconfigured Certificate resources) or upgrading to a newer version.
See Breaking changes in v1.12.0 release notes
github.com/containerd/[email protected] (#6689, @wallrj)