Cert Manager is a tool that obtains free SSL certificates and renews them automatically for a period of time that you configure.
Installation:
```bash
helm repo add jetstack https://charts.jetstack.io --force-update
helm repo update
helm show values jetstack/cert-manager > cert-manager-values.yaml
```

```yaml
# Changes
dns01RecursiveNameservers: "1.1.1.1:53,8.8.8.8:53"
dns01RecursiveNameserversOnly: true
podDnsConfig:
  nameservers:
    - "1.1.1.1"
    - "8.8.8.8"
```

```bash
helm install cert-manager jetstack/cert-manager -n cert-manager --values cert-manager-values.yaml
```
If you want to install cert-manager directly (Not Recommended):
```bash
helm install \
  cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --create-namespace \
  --version v1.16.1 \
  --set crds.enabled=true
```
You need two crucial things here: the ClusterIssuer and the Certificates you want to issue.
```yaml
# cluster-issuer.yaml
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod # >> just make it the same
  namespace: cert-manager
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: you@example.com # placeholder: your ACME account email
    privateKeySecretRef:
      name: letsencrypt-prod # >> just make it the same
    solvers:
      - dns01:
          cloudflare:
            email: you@example.com # placeholder: your Cloudflare account email
            apiTokenSecretRef:
              name: cloudflare-api-key # make a generic secret for this
              key: api-key # don't forget to make the key the same
        selector:
          dnsZones:
            - "davenathaniel.my.id" # Your domain
            - "example.com" # A zone entry also covers wildcard names such as *.example.com
```
It’s up to you which DNS provider you choose, but only a limited number of DNS providers work with cert-manager’s DNS-01 challenge.
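The second item named above, the Certificate, together with the Cloudflare token Secret that the ClusterIssuer references, as an added example that is not from the original page. The Certificate name, its namespace, the TLS secret name and the token value are assumptions or placeholders.

```yaml
# certificate.yaml (constructed example; values marked "assumed" are not from the page)
---
apiVersion: v1
kind: Secret
metadata:
  name: cloudflare-api-key        # must match apiTokenSecretRef.name in the ClusterIssuer
  namespace: cert-manager         # a ClusterIssuer reads its secrets from cert-manager's own namespace by default
type: Opaque
stringData:
  # Placeholder. Use a scoped Cloudflare API token (Zone:DNS:Edit and Zone:Zone:Read),
  # not the account-wide Global API Key, and keep the real value out of version control.
  api-key: "<CLOUDFLARE_API_TOKEN>"
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: wildcard-cert             # assumed name
  namespace: default              # assumed: the namespace of the workload that uses the certificate
spec:
  secretName: wildcard-cert-tls   # assumed: Secret where cert-manager stores the key and certificate
  issuerRef:
    name: letsencrypt-prod        # the ClusterIssuer defined above
    kind: ClusterIssuer
    group: cert-manager.io
  dnsNames:                       # both names fall inside the dnsZones selector of the solver
    - "davenathaniel.my.id"
    - "*.davenathaniel.my.id"     # wildcard names can only be validated with the DNS-01 challenge
  privateKey:
    algorithm: ECDSA
    size: 256
    rotationPolicy: Always        # generate a fresh private key at every renewal
  renewBefore: 720h               # start renewal 30 days before expiry
```

Apply it with `kubectl apply -f certificate.yaml`, then watch `kubectl get certificate -n default` until READY shows True.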