Certificate not re-issued after keystore format change #5397

@stephan2012

Describe the bug:

When changing an existing Certificate request to issue a pkcs12 keystore instead of jks, cert-manager does not issue a new certificate. In other words, the secret still contains just keystore.jks.

Expected behaviour:

cert-manager should issue a new certificate when the keystore section in the Certificate CRD changes.

Steps to reproduce the bug:

Create a Certificate that includes something like

spec:
  keystores:
    jks:
      create: true
      passwordSecretRef:
        key: secret
        name: foobar

and change it to

spec:
  keystores:
    pkcs12:
      create: true
      passwordSecretRef:
        key: secret
        name: foobar

Anything else we need to know?:

N/A

Environment details:

  • Kubernetes version: v1.23.9
  • Cloud-provider/provisioner: kubeadm
  • cert-manager version: v1.9.1
  • Install method: Helm

/kind bug
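
A check for the condition reported above, as an added example that is not part of the original issue and is not cert-manager code: it compares the keystore formats requested in `spec.keystores` with the keystore entries present in the target Secret. The Secret key names `keystore.p12`, `truststore.jks` and `truststore.p12` and the sample objects are assumptions; only `keystore.jks` appears in the report.

```python
# Added example (not cert-manager code): compare the keystore formats a
# Certificate requests with the keystore entries present in its Secret.
# Assumption: cert-manager's Secret key names keystore.jks/truststore.jks
# and keystore.p12/truststore.p12; the truststore entry is treated as optional.
FORMAT_KEYS = {
    "jks": ("keystore.jks", "truststore.jks"),
    "pkcs12": ("keystore.p12", "truststore.p12"),
}


def requested_formats(certificate):
    """Formats with create: true under spec.keystores."""
    keystores = certificate.get("spec", {}).get("keystores") or {}
    return {f for f in FORMAT_KEYS if (keystores.get(f) or {}).get("create")}


def keystore_drift(certificate, secret):
    """Return (missing, stale): requested keystores absent from the Secret,
    and keystore entries left over from formats no longer requested."""
    present = set(secret.get("data") or {})
    wanted = requested_formats(certificate)
    missing = sorted(FORMAT_KEYS[f][0] for f in wanted
                     if FORMAT_KEYS[f][0] not in present)
    stale = sorted(k for f, keys in FORMAT_KEYS.items() if f not in wanted
                   for k in keys if k in present)
    return missing, stale


# Constructed objects shaped like `kubectl get -o json` output: the
# Certificate after the edit in the report, and a Secret that was not re-issued.
PASSWORD_REF = {"key": "secret", "name": "foobar"}
CERT_PKCS12 = {"kind": "Certificate", "spec": {"keystores": {
    "pkcs12": {"create": True, "passwordSecretRef": PASSWORD_REF}}}}
SECRET_JKS = {"kind": "Secret", "data": {
    "tls.crt": "<base64>", "tls.key": "<base64>", "keystore.jks": "<base64>"}}

if __name__ == "__main__":
    missing, stale = keystore_drift(CERT_PKCS12, SECRET_JKS)
    print("missing:", missing)
    print("stale:", stale)
```
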

Labels:

  • kind/bug: Categorizes issue or PR as related to a bug.
  • lifecycle/stale: Denotes an issue or PR has remained open with no activity and has become stale.
