-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Reverts ACME issuer from forming a chain bundle and populating the ca.crt #4074
Reverts ACME issuer from forming a chain bundle and populating the ca.crt #4074
Conversation
ca.crt Signed-off-by: joshvanl <vleeuwenjoshua@gmail.com>
/assign @jakexks |
Certificate: bundle.ChainPEM, | ||
CA: bundle.CAPEM, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this because we don't get the actual root back from ACME servers, so removing the intermediate and putting it in CA may not be correct?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's right. Although this works in the testing I did, I can't test every user's working setup. Best to leave the current behavior to not break anyone.
/approve |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: jakexks, JoshVanL The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/kind bug |
This PR reverts the ACME CR controller changes in https://github.com/jetstack/cert-manager/pull/3984/files
Though I have tested that with the changes made above, ingress controllers like NGINX still work correctly, I'm not confident that we are breaking someone somewhere silently.