Home > Net >  Does cert-manager revoke the old certificate upon issuance of a new one?
Does cert-manager revoke the old certificate upon issuance of a new one?

Time:01-18

I am using cert-manager ACME workflow to manage my certificates in K8s. Seems like cert-manager does not give me control on when the certificate gets re-issued (usually happens when expirations comes near).

Does cert manager revoke the previous certificate once it has issued the new one? And can you control this behaviour?

I tried looking for it in documentation, couldn't find the answer. Next up is an experiment.

CodePudding user response:

Cert manager will renew certificates generally when there's 30 or less days left on the validity. It does not "revoke" older certificates, it renews them (where applicable)

The exception to this is if you change the hostnames on the certificate. Certmanager will issue a NEW certificate containing the updated names, but it will not revoke the old certificate. The old certificate will simply just not be renewed and will expire naturally.

  • Related