cmctl

Check cert-manager status

$ cmctl check api

$ cmctl status certificate [cert-name]

$ cmctl renew [cert-name]

$ cmctl approve [request-name]

$ cmctl deny [request-name]

$ cmctl inspect secret [secret-name]

$ cmctl version

cmctl command [options]

cmctl is the official command-line tool for interacting with cert-manager, the Kubernetes certificate management controller. It provides commands for checking API readiness, inspecting certificate status, triggering renewals, and approving or denying certificate requests.
The tool can also be installed as a kubectl plugin, making it available as kubectl cert-manager. It simplifies common cert-manager operations that would otherwise require manually creating or editing Kubernetes resources with kubectl.
cmctl is particularly useful for debugging certificate issues, as the status and inspect commands provide detailed information about certificate chains, expiration dates, and issuance conditions that are not easily visible through standard kubectl output.

-n, --namespace ns

Kubernetes namespace

Kubernetes context

Kubeconfig file path

check api

Verify cert-manager API is ready

Show certificate status

Mark certificate for renewal

Approve CertificateRequest

Deny CertificateRequest

Show certificate details

Create certificate request

Convert between API versions

Upgrade assistance tools

Show versions

Requires cert-manager installed in cluster. Tab completion available. Preferred over kubectl plugin for better experience.

kubectl(1), openssl(1)