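---
# Let's Encrypt production — trusted certificates; respect rate limits.
# Validate solver or DNS changes against a staging issuer first, so failed
# attempts do not consume the production rate limits.
# Prefer a real mailbox for expiry notices; this domain is accepted by LE (edit if needed).
# Do not rely on CA e-mail as the only expiry alert; also monitor Certificate
# readiness and expiry from inside the cluster.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    email: certificates@noble.lab.pcenicni.dev
    server: https://acme-v02.api.letsencrypt.org/directory
    # cert-manager stores the ACME account private key in this Secret. For a
    # ClusterIssuer the Secret lives in cert-manager's cluster resource
    # namespace (`cert-manager` unless the controller was configured
    # otherwise). Keep read access to Secrets in that namespace restricted.
    privateKeySecretRef:
      name: letsencrypt-prod-account-key
    solvers:
      # DNS-01 — Cloudflare token must have Zone.Read + DNS.Edit for BOTH pcenicni.dev AND nikflix.ca.
      # Edit the token in Cloudflare → My Profile → API Tokens to add nikflix.ca zone permissions.
      # Least privilege: scope the token's zone resources to exactly these two
      # zones (not "all zones") and grant nothing beyond the two permissions
      # above. The token can change DNS records in both zones, so treat the
      # Secret as high-value and rotate it if exposure is suspected.
      - dns01:
          cloudflare:
            # Only the Secret name and key are referenced here; the token value
            # itself must never be committed alongside this manifest. For a
            # ClusterIssuer this Secret is also read from the cluster resource
            # namespace.
            apiTokenSecretRef:
              name: cloudflare-dns-api-token
              key: api-token
        # This solver is used only for names inside the listed zones.
        # NOTE(review): a ClusterIssuer is cluster-scoped, so any namespace
        # allowed to create Certificate resources that reference it can obtain
        # certificates (wildcards included, since this is DNS-01) for names in
        # these zones. Confirm that RBAC or an approval policy limits who may
        # do so, or use namespaced Issuers where tenants must be separated.
        selector:
          dnsZones:
            - pcenicni.dev
            - nikflix.ca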