openshift-routes
Annotation generates CertificateRequests repeatedly until blocked by Let's Encrypt
The following annotations generate CertificateRequests in a row, and Let's Encrypt blocks it for requesting too many certificates for the same domain.
cert-manager.io/duration: 2160h
cert-manager.io/issuer-kind: ClusterIssuer
cert-manager.io/issuer-name: letsencrypt-clusterissuer
cert-manager.io/renew-before: 360h
Hi.
This issue is probably caused by the "limited" renewal logic in openshift-routes. Right now, there isn't any error backoff mechanism in place, meaning that I would not recommend using openshift-routes with Let's Encrypt or any service that has a rate limit.
In https://github.com/cert-manager/openshift-routes/issues/34#issue-1821609791, similar concerns were raised: openshift-routes re-implements cert-manager's renewal mechanism, and I think openshift-routes should have gone simpler by creating Certificate resources and letting cert-manager handle retrials and such rather than re-implementing the whole issuance logic.
Fixing this issue will take work as I think we need to start creating Certificate resources rather than hurting ourselves with reimplementing the certificate renewal logic.
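The effect of the missing error backoff described in this reply can be seen in a small simulation, added here as an example; it is not code from openshift-routes or cert-manager. The names `attempt`, `nextAllowed` and `simulate`, the 1h/32h delays and the one-minute reconcile interval are assumptions chosen for illustration.

```go
package main

import (
	"fmt"
	"time"
)

// Constructed policy values (assumptions): first retry after 1h, doubling up to 32h.
const baseDelay, maxDelay = time.Hour, 32 * time.Hour

// attempt is a hypothetical record of one CertificateRequest created for a Route.
type attempt struct {
	created time.Time
	failed  bool
}

// nextAllowed returns the earliest time a new request may be created, based on
// the run of failures at the end of history (oldest first). Zero time: no wait.
func nextAllowed(history []attempt) time.Time {
	n := 0
	for i := len(history) - 1; i >= 0 && history[i].failed; i-- {
		n++
	}
	if n == 0 {
		return time.Time{}
	}
	delay := maxDelay
	if n <= 6 { // 1h << 5 == 32h; larger shifts stay capped at maxDelay
		delay = baseDelay << uint(n-1)
	}
	return history[len(history)-1].created.Add(delay)
}

// simulate counts the requests created within window when every issuance fails
// and the controller reconciles once per tick.
func simulate(window, tick time.Duration, backoff bool) int {
	start := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC) // constructed start time
	var history []attempt
	for now := start; now.Before(start.Add(window)); now = now.Add(tick) {
		if backoff && now.Before(nextAllowed(history)) {
			continue // still inside the backoff window: create nothing
		}
		history = append(history, attempt{created: now, failed: true})
	}
	return len(history)
}

func main() {
	week := 7 * 24 * time.Hour
	fmt.Println(simulate(week, time.Minute, false), simulate(week, time.Minute, true))
}
```

Over one simulated week of failing issuance, the ungated loop creates a request on every reconcile, while the gated loop creates ten.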