Automatically provision and manage TLS certificates in Kubernetes
Clone or download
Latest commit 761f7fc Jan 18, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
.github Add additional issue template types Aug 9, 2018
cmd Merge pull request #1184 from tlmiller/feature/authnss Jan 12, 2019
deploy Bump Helm chart version Jan 18, 2019
design Add a 'Changes to ACME Issuer' section, and add clarifications from r… Jan 14, 2019
docs Merge pull request #1187 from munnerz/update-quickstart Jan 17, 2019
hack Fix references for chart path Jan 17, 2019
pkg Merge pull request #1240 from munnerz/expired-orders-no-cert Jan 18, 2019
test Fix testenv for chart testing Jan 18, 2019
third_party Add SetAccountURI method to ACME client Jan 16, 2019
vendor Run //hack:update-deps Jan 7, 2019
.bazelrc Add root Bazel build files Sep 13, 2018
.gitignore Adding quick-start guide w/ nginx ingress controller Nov 19, 2018
.gitlab-ci.yml Add DOCKER_HOST env var to gitlab build Jan 8, 2019
.kazelcfg.json Add rule to run gazelle and kazel Sep 13, 2018
BUILD.bazel Rearrange Helm charts into deploy/ and test/e2e/charts directories Dec 4, 2018 Create Oct 22, 2017 Add details on DCO sign-off Aug 13, 2018
Gopkg.lock Use mirror to resolve bitbucket issues Dec 4, 2018
Gopkg.toml Use mirror to resolve bitbucket issues Dec 4, 2018
LICENSE add apache 2.0 license Jul 22, 2017
Makefile Use Bazel images for nginx-ingress, vault and tiller Jan 11, 2019
OWNERS Update OWNERS files Jan 16, 2019 hopefully the last formatting tweak for this one Nov 23, 2018
WORKSPACE bump pebble version to get larger timeouts Jan 16, 2019
labels.yaml Update wording Jul 26, 2018


cert-manager is a Kubernetes add-on to automate the management and issuance of TLS certificates from various issuing sources.

It will ensure certificates are valid and up to date periodically, and attempt to renew certificates at an appropriate time before expiry.

It is loosely based upon the work of kube-lego and has borrowed some wisdom from other similar projects e.g. kube-cert-manager.

cert-manager high level overview diagram

Current status

As this project is pre-1.0, we do not currently offer strong guarantees around our API stability.

Notably, we may choose to make breaking changes to our API specification (i.e. the Issuer, ClusterIssuer and Certificate resources) in new minor releases.

These will always be clearly documented in the upgrade section of the documentation


Documentation for cert-manager can be found at Please make sure to select the correct version of the documentation to view on the bottom left of the page.

For the common use-case of automatically issuing TLS certificates to Ingress resources, aka a kube-lego replacement, see the cert-manager nginx ingress quick start guide.

See Getting started within the documentation for installation instructions.


If you encounter any issues whilst using cert-manager, we have a number of places you can use to try and get help.

The quickest way to ask a question is to first post on our Slack channel (#cert-manager) on the Kubernetes Slack. There are a lot of community members in this channel, and you can often get an answer to your question straight away!

You can also try searching for an existing issue. Properly searching for an existing issue will help reduce the number of duplicates, and help you find the answer you are looking for quicker.

Please also make sure to read through the relevant pages in the documentation before opening an issue. You can also search the documentation using the search box on the top left of the page.

If you believe you have encountered a bug, and cannot find an existing issue similar to your own, you may open a new issue. Please be sure to include as much information as possible about your environment.


There is a Google Group used for project wide announcements and development coordination. Anybody can join the group by visiting here and clicking "Join Group". A Google account is required to join the group.

Once you have become a member, you should receive an invite to the weekly development meeting, hosted on Wednesdays at 4pm UTC on

Anyone is welcome to join these calls, even if just to ask questions.

Meeting notes are recorded in Google docs.


We welcome pull requests with open arms! There's a lot of work to do here, and we're especially concerned with ensuring the longevity and reliability of the project.

Please take a look at our issue tracker if you are unsure where to start with getting involved!

We also use the #cert-manager channel on for chat relating to the project.

Developer documentation is available in the official documentation.


The list of releases is the best place to look for information on changes between releases.