[antoniomarino]

I came to this thread having the same questions (why use this over cert-manager) and this answer gives some pretty solid reasons.

Can you elaborate more on /3 ? Why is this kind of service better suited for a CronJob over a running container?

[MathieuN]

Let’s Encrypt CA issues short-lived certificates (90 days) and official documentation recommends to check twice a day if certificates need to be renewed. It is a good choice to use Kubernetes Cronjob for this periodical task, resources and monitoring are saved.