cert-manager

Name: cert-manager
Rating: 4.7

Kubernetes certificate controller supporting Let's Encrypt, Vault, and more

Secrets ManagementFree (open source); enterprise support from Venafi/CyberArkOpen Source

How we work:This listing is aggregated from cert-manager's official documentation, public pricing pages, community discussions (Reddit, HN, forums), and real user feedback. We do not do hands-on testing. We aggregate and organize what's already out there. Last verified April 2026.

What is cert-manager?

cert-manager is the leading Kubernetes controller for X.509 certificate management. It automates the issuance and renewal of certificates from Let's Encrypt, HashiCorp Vault, Venafi, AWS Private CA, Google CAS, and internal CA setups. cert-manager is a CNCF Graduated project originally built by Jetstack, and it's the go-to tool for any team running TLS on Kubernetes.

Best for: Any Kubernetes team that needs TLS — which is nearly all of them

Pros

✓ De facto standard for TLS on Kubernetes
✓ Wide CA provider support (public and private)
✓ Automatic renewal eliminates expired-cert incidents
✓ Massive community and active development

Cons

✗ Kubernetes-only; not for non-container workloads
✗ Configuration has many CRDs to understand (Issuer, ClusterIssuer, Certificate)
✗ ACME rate limits can surprise teams doing heavy issuance
✗ Complex certificate chains require custom Issuer logic