We run Istio 1.4.0 with cert-manager and certificates from Let’s Encrypt. After the announcement of the
CAA bug and the subsequent revocation of affected certificates, I want to trigger cert-manager to
renew the certificates. As far as I know, cert-manager recreates the certificates shortly before the 90 days are over. I cannot find a way to trigger cert-manager to renew the certs.
I don’t quite understand the problem description. It seems to me that you want to take precautions due to the recent Let’s Encrypt accident? And you use Let’s Encrypt and cert-manager for the Istio ingress case?
AFAIK, Istio does not manage cert-manager itself; it only ensures that when your secrets containing the ingress HTTPS cert are updated, they can be loaded by the ingress gateway Envoy. If you observe that the k8s secret is updated but the ingress gateway Envoy does not, that’s a bug.
Yes, due to the Let’s Encrypt accident some certificates of our services were faulty. I would like to
renew them on my own.
Well, I achieved this by deleting the current Certificate configuration AND the resulting TLS secret,
configuring the Certificate again and waiting for the challenges.
The great thing is:
the old SSL certificate kept running and working well until the new certificates were deployed.
But you could be right, the renewal should be managed by cert-manager itself and not by Istio. :-)
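The manual sequence described in the post (delete the Certificate, delete the TLS Secret it produced, re-apply the manifest, wait for the ACME challenge) as a script. This is an added example, not code from the thread or from cert-manager; newer cert-manager releases ship their own `kubectl cert-manager renew` / `cmctl renew` for this, so the script is only the by-hand route for releases like the one used with Istio 1.4. The namespace, Certificate name, Secret name and manifest path are placeholders; it assumes `kubectl`, GNU `base64` and `openssl` on the PATH, and that the Certificate CRD exposes a `Ready` condition, which cert-manager sets once the new Secret has been written. The serial comparison at the end is the check a practitioner wants after a forced re-issue: it fails loudly if the Secret still holds the old (revoked) certificate.

```shell
#!/bin/sh
# Added example (not from the original thread): force cert-manager to re-issue a
# Let's Encrypt certificate by removing the Certificate resource and the TLS
# Secret it produced, re-applying the original manifest and waiting for Ready.
# All resource names used here are placeholders, not taken from the post.
set -eu

# Secret that cert-manager writes the issued key pair into (Certificate.spec.secretName).
secret_name_for() {
  kubectl -n "$1" get certificate "$2" -o jsonpath='{.spec.secretName}'
}

# Serial number of the certificate currently stored in a kubernetes.io/tls Secret.
# Prints nothing when the Secret does not exist (yet), so callers can skip the check.
secret_cert_serial() {
  kubectl -n "$1" get secret "$2" -o jsonpath='{.data.tls\.crt}' --ignore-not-found \
    | base64 -d 2>/dev/null \
    | openssl x509 -noout -serial 2>/dev/null \
    | sed 's/^serial=//' || true
}

# Delete the Certificate and its Secret, re-apply the manifest that was originally
# applied, and wait for cert-manager to finish the ACME challenge.
# Arguments: namespace, Certificate name, path of the original Certificate manifest.
renew_certificate() {
  ns=$1; cert=$2; manifest=$3
  secret=$(secret_name_for "$ns" "$cert")
  [ -n "$secret" ] || { echo "certificate $ns/$cert has no spec.secretName" >&2; return 1; }
  old_serial=$(secret_cert_serial "$ns" "$secret")

  kubectl -n "$ns" delete certificate "$cert"
  kubectl -n "$ns" delete secret "$secret" --ignore-not-found
  kubectl -n "$ns" apply -f "$manifest"
  # Ready turns True only after the challenge succeeded and the new Secret was written;
  # the gateway keeps serving the previously loaded certificate until then.
  kubectl -n "$ns" wait --for=condition=Ready "certificate/$cert" --timeout=600s

  new_serial=$(secret_cert_serial "$ns" "$secret")
  if [ -n "$old_serial" ] && [ "$old_serial" = "$new_serial" ]; then
    echo "secret $ns/$secret still holds the old certificate (serial $old_serial)" >&2
    return 1
  fi
  echo "$ns/$cert re-issued; new serial: $new_serial"
}

# Run directly, e.g.:  RENEW_MANIFEST=ingress-cert.yaml sh renew.sh istio-system ingress-cert
if [ -n "${RENEW_MANIFEST:-}" ]; then
  renew_certificate "$1" "$2" "$RENEW_MANIFEST"
fi
```

Deleting the Secret before re-applying is what forces a fresh order instead of a no-op reconcile; keeping the original manifest file around (rather than dumping the live object with its `resourceVersion` and `status`) is what makes the re-apply clean.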