-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
PreferredChain behaviour for letsEncrypt certificates after february 8 #6757
Milestone
Comments
germanmichelena-dia
changed the title
preferredChain behaviour for letsEncrypt certificates after february 8
PreferredChain behaviour for letsEncrypt certificates after february 8
Feb 14, 2024
See #6755 (comment) for our current plan of action. |
Thanks for the quick answer, I agree with the solution |
Let's leave this open and pin it so that users can read more about it, until until we implement the solution: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
On 11/02/2024 some letsencrypt certificates where updated in our cluster, and they were generated with the old certificate chain (signed by DST Root CA X3). We had configured as preferredChain in the clusterissuer "ISRG Root X1". It seems that after letsencrypt change in the default chain provided, the preferredChain configuration is not working properly.
https://community.letsencrypt.org/t/shortening-the-lets-encrypt-chain-of-trust/201580
To solve this, we removed the preferredChain configuration in the clusterissuer, and the certificate provided by letsencrypt was the right one (signed by ISRG Root X1). Is anyone else having this issue?
Our cert-manager version is 1.12.3
The text was updated successfully, but these errors were encountered: