home-server/clusters/noble/bootstrap/cert-manager/clusterissuer-letsencrypt-prod.yaml


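---
# Let's Encrypt production — trusted certificates; respect rate limits.
# Prefer a real mailbox for expiry notices; this domain is accepted by LE (edit if needed).
#
# ClusterIssuer is cluster-scoped: a Certificate in any namespace can reference it.
# Who may create Certificates / annotated Ingresses therefore decides who can
# obtain publicly trusted certificates through this issuer.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    email: certificates@noble.lab.pcenicni.dev
    server: https://acme-v02.api.letsencrypt.org/directory
    # Secret holding the ACME account private key. cert-manager creates it on
    # first registration. Whoever can read it can act as this ACME account, so
    # keep read access to Secrets in the cert-manager namespace restricted.
    privateKeySecretRef:
      name: letsencrypt-prod-account-key
    solvers:
      # DNS-01 — Cloudflare token covers pcenicni.dev only. Requires Secret cloudflare-dns-api-token in cert-manager.
      # For a ClusterIssuer the Secret is looked up in cert-manager's cluster
      # resource namespace (cert-manager by default), not the Certificate's namespace.
      # Keep the token scoped to this one zone with DNS edit rights only: it can
      # rewrite any record in the zone, not just _acme-challenge TXT records.
      - dns01:
          cloudflare:
            apiTokenSecretRef:
              name: cloudflare-dns-api-token
              key: api-token
        # Limits this solver to names under pcenicni.dev (the zone and its subdomains).
        selector:
          dnsZones:
            - pcenicni.dev
      # HTTP-01 fallback — used for all other zones (e.g. nikflix.ca via Pangolin → Newt → Traefik).
      # Requires a Pangolin HTTP resource + target for each hostname before LE can reach /.well-known/acme-challenge/.
      # No selector, so it matches any name the DNS-01 solver does not claim.
      # HTTP-01 cannot validate wildcard names; those need a DNS-01 solver for the zone.
      - http01:
          ingress:
            ingressClassName: traefik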