Upgrade of Openshift certificates

Description

The status.ovirt.org certificates expires in April; we have some time but it would be nice to replace Digicert by Let's Encrypt. I see that the cert-manager operator can do that but I have no experience with such integration. It seems like the way to go though (or with another implementation).

I would like to point out that we would need support for HTTP01. DNS01 would be nice but unless we convert the ovirt.org domain fully into a dynamic zone, which I do not recommend, there is an option to use CNAMEs to a dynamic sub-zone; it works fine but it is not yet merged upstream (see https://github.com/certbot/certbot/pull/7244).

Assignee

Evgheni Dereveanchin

Reporter

Marc Dequènes (Duck)

Blocked By

None

Priority

Low
Configure