51 lines
1.5 KiB
YAML
51 lines
1.5 KiB
YAML
# Let's Encrypt ClusterIssuers for production and staging
|
|
|
|
---
|
|
# Production ClusterIssuer (Let's Encrypt Production)
|
|
apiVersion: cert-manager.io/v1
|
|
kind: ClusterIssuer
|
|
metadata:
|
|
name: letsencrypt-prod
|
|
spec:
|
|
acme:
|
|
# Let's Encrypt production server
|
|
server: https://acme-v02.api.letsencrypt.org/directory
|
|
# Email address used for ACME registration
|
|
email: ops@veza.com # Change this to your email
|
|
# Name of a secret used to store the ACME account private key
|
|
privateKeySecretRef:
|
|
name: letsencrypt-prod
|
|
# Enable the HTTP-01 challenge provider
|
|
solvers:
|
|
- http01:
|
|
ingress:
|
|
class: nginx
|
|
# Optional: DNS-01 challenge (for wildcard certificates)
|
|
# - dns01:
|
|
# cloudflare:
|
|
# email: ops@veza.com
|
|
# apiKeySecretRef:
|
|
# name: cloudflare-api-key
|
|
# key: api-key
|
|
|
|
---
|
|
# Staging ClusterIssuer (Let's Encrypt Staging - for testing)
|
|
apiVersion: cert-manager.io/v1
|
|
kind: ClusterIssuer
|
|
metadata:
|
|
name: letsencrypt-staging
|
|
spec:
|
|
acme:
|
|
# Let's Encrypt staging server (for testing)
|
|
server: https://acme-staging-v02.api.letsencrypt.org/directory
|
|
# Email address used for ACME registration
|
|
email: ops@veza.com # Change this to your email
|
|
# Name of a secret used to store the ACME account private key
|
|
privateKeySecretRef:
|
|
name: letsencrypt-staging
|
|
# Enable the HTTP-01 challenge provider
|
|
solvers:
|
|
- http01:
|
|
ingress:
|
|
class: nginx
|
|
|