You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently, the issued certificate is stored as a secret that has only the (leaf) certificate and the private key. At least Let's encrypt (possibly all ACME providers?) provides the full cert chain when using certbot. Some applications do want the full cert chain instead of just the leaf certificate, so it would be good if cert-manager would allow this too.
Describe the solution you'd like
One possible solution would be to specify the chain secret name in the Certificate manifest, e.g. fullChainSecretName: my-full-chain, which would be similar to how secretName works now.
Environment details (if applicable):
Kubernetes version (e.g. v1.10.2): k3s (v1.13.4-k3s.1)
Cloud-provider/provisioner (e.g. GKE, kops AWS, etc): bare metal
cert-manager version (e.g. v0.4.0): 0.7.0
Install method (e.g. helm or static manifests): static manifest
/kind feature
The text was updated successfully, but these errors were encountered:
Currently, the issued certificate is stored as a secret that has only the (leaf) certificate and the private key. At least Let's encrypt (possibly all ACME providers?) provides the full cert chain when using certbot. Some applications do want the full cert chain instead of just the leaf certificate, so it would be good if cert-manager would allow this too.
Describe the solution you'd like
One possible solution would be to specify the chain secret name in the Certificate manifest, e.g.
fullChainSecretName: my-full-chain
, which would be similar to howsecretName
works now.Environment details (if applicable):
/kind feature
The text was updated successfully, but these errors were encountered: