SSL.com has an ACME service for free 90-day ssl certificates.
It's pretty simple to configure cert-manager to use it, you'll need:
- A secret containing the HMAC key.
- An
Issuer
orClusterIssuer
configured with your user on ssl.com and their acme url - A ssl.com account
Follow this tutorial to get your ACME credentials: https://archive.is/27ko6#ftoc-heading-2
Note day your HMAC key
and key_id
. Edit the credential and include the role individual_certificate and validations (not sure if those are really necessary).
Suppose your HMAC key
is TiFfIi57ms0ZRgbYRyVmhHpwtlu0oLTB2COR2ukAyk
, your key_id
is a4aaa21ddd33
and your ssl.com username is foo@bar.com
Create a secret for your HMAC key in the same namespace of the cert-manager pod (normally called cert-manager).
Suppose your HMAC key
is TiFfIi57ms0ZRgbYRyVmhHpwtlu0oLTB2COR2ukAyk
kubectl create secret generic sslcom-eabsecret \
-n cert-manager --from-literal secret=TiFfIi57ms0ZRgbYRyVmhHpwtlu0oLTB2COR2ukAyk
Create a ClusterIssuer (or Issuer) for ssl.com:
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: sslcom
spec:
acme:
email: foo@bar.com
externalAccountBinding:
keyAlgorithm: HS256
keyID: a4aaa21ddd33
keySecretRef:
key: secret
name: sslcom-eabsecret
server: https://acme.ssl.com/sslcom-dv-rsa
From here on, you can proceed exactly like letsencrypt.