# Let's Encrypt ClusterIssuers for production and staging

---
# Production ClusterIssuer (Let's Encrypt Production)
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    # Let's Encrypt production server
    server: https://acme-v02.api.letsencrypt.org/directory
    # Email address used for ACME registration
    email: ops@veza.com  # Change this to your email
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-prod
    # Enable the HTTP-01 challenge provider
    solvers:
    - http01:
        ingress:
          class: nginx
    # Optional: DNS-01 challenge (for wildcard certificates)
    # - dns01:
    #     cloudflare:
    #       email: ops@veza.com
    #       apiKeySecretRef:
    #         name: cloudflare-api-key
    #         key: api-key

---
# Staging ClusterIssuer (Let's Encrypt Staging - for testing)
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-staging
spec:
  acme:
    # Let's Encrypt staging server (for testing)
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    # Email address used for ACME registration
    email: ops@veza.com  # Change this to your email
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-staging
    # Enable the HTTP-01 challenge provider
    solvers:
    - http01:
        ingress:
          class: nginx