cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

cert-manager 1.14 brings a variety of features, security improvements and bug fixes, including: support for creating X.509 certificates with "Other Name" fields, and support for creating CA certificates with "Name Constraints" and "Authority Information Accessors" extensions.

⚠️ This version has known issues. Please install v1.14.2 instead.

⚠️ Known Issues (please install v1.14.2)

• ACME Issuer (Let's Encrypt): wrong certificate chain may be used if preferredChain is configured: see release docs for more info and mitigations
• In cert-manager v1.14.0 and v1.14.1, the CA and SelfSigned issuers issue certificates with SANs set to non-critical even when the subject is empty. It incorrectly copies the critical field from the CSR.

🔧 Breaking changes

See Breaking changes in v1.14.0 release notes

ℹ️ Documentation

• Release notes
• Upgrade notes
• Installation instructions

📜 Changes since v1.14.0

Bug or Regression

• Fix broken cainjector image value in Helm chart (#6693, @SgtCoDFish)
• Fix bug in cmctl namespace detection which prevented it being used as a startupapicheck image in namespaces other than cert-manager. (#6706, @inteon)
• Fix bug in cmctl which caused cmctl experimental install to panic. (#6706, @inteon)