@ruedigerp
Last active January 24, 2024 16:57
Wildcard certs with Letsencrypt and Cloudflare DNS API
# Local domains are, for example, *.devs.yourcompany.net.
# yourcompany.net is hosted with Cloudflare and should be used as the Let's Encrypt issuer domain.
# Create an API token with read AND read/write permissions.
# Set up a DNS CNAME for _acme-challenge.devs.yourcompany.net pointing to yourcompany.net.
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-cloudflare-wildcard
spec:
  acme:
    email: mail@yourcompany.net
    preferredChain: ""
    # Secret in which cert-manager stores the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-cloudflare
    server: https://acme-v02.api.letsencrypt.org/directory
    solvers:
    - dns01:
        cloudflare:
          apiTokenSecretRef:
            key: api-token
            name: cloudflare-api-token-secret
          email: mail@yourcompany.net
        # Follow the _acme-challenge CNAME and write the TXT record at its target
        cnameStrategy: Follow
---
apiVersion: v1
data:
  # Base64-encoded Cloudflare API token (placeholder value)
  api-token: eW91VGhpc0l3cml0ZU15VG9rZW5Ub1RoaXNUb2tlbg==
kind: Secret
metadata:
  name: cloudflare-api-token-secret
  namespace: cert-manager
type: Opaque
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: local-wildcard
  namespace: default
spec:
  dnsNames:
  - '*.devs.yourcompany.net'
  issuerRef:
    kind: ClusterIssuer
    name: letsencrypt-cloudflare-wildcard
  secretName: local-wildcard
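
The Secret above stores the token as base64 under `data.api-token`; encoding it with `echo` would store a trailing newline as part of the token. The following is an added example, not part of the original gist, that renders the same Secret from a raw token and checks an encoded value before it is applied. The function names and the `CF_API_TOKEN` variable are assumptions.

```bash
#!/bin/sh
# Added example, not part of the gist. Function names are hypothetical.

# Base64-encode exactly the bytes of the token: printf adds no newline,
# and tr joins the lines if base64 wraps long output.
encode_token() {
  printf '%s' "$1" | base64 | tr -d '\n'
}

# Succeed only if the decoded value is non-empty and free of whitespace.
# Byte counts are compared because $(...) would strip a trailing newline.
check_secret_value() {
  raw=$(( $(printf '%s' "$1" | base64 --decode 2>/dev/null | wc -c) ))
  clean=$(( $(printf '%s' "$1" | base64 --decode 2>/dev/null \
            | tr -d '[:space:]' | wc -c) ))
  [ "$raw" -gt 0 ] && [ "$raw" -eq "$clean" ]
}

# Print the Secret manifest from the gist with the token encoded safely.
render_secret() {
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: cloudflare-api-token-secret
  namespace: cert-manager
type: Opaque
data:
  api-token: $(encode_token "$1")
EOF
}

# Usage (CF_API_TOKEN is an assumed environment variable):
#   render_secret "$CF_API_TOKEN" | kubectl apply -f -
```

Piping the manifest straight into `kubectl apply -f -` keeps the real token out of files that might be committed alongside the other manifests.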