$ helm install godaddy-webhook --namespace cert-manager ./deploy/godaddy-webhook --set groupName=acme.mycompany.comapiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-prod
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
email: <your email>
privateKeySecretRef:
name: letsencrypt-prod
solvers:
- selector:
dnsNames:
- '*.example.com'
dns01:
webhook:
config:
authApiKey: <your GoDaddy authAPIKey>
authApiSecret: <your GoDaddy authApiSecret>
production: true
ttl: 600
groupName: acme.mycompany.com
solverName: godaddyNote: Change the groupName as set during helm chart installation.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: example-ingress
namespace: default
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
tls:
- hosts:
- '*.example.com'
secretName: wildcard-example-com-tls
rules:
- host: demo.example.com
http:
paths:
- path: /
backend:
serviceName: backend-service
servicePort: 80apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: wildcard-example-com
spec:
secretName: wildcard-example-com-tls
renewBefore: 240h
dnsNames:
- '*.example.com'
issuerRef:
name: letsencrypt-prod
kind: ClusterIssuerNote: Use annotations in Ingress to automate certificate creation.
All DNS providers must run the DNS01 provider conformance testing suite, else they will have undetermined behaviour when used with cert-manager.
It is essential that you configure and run the test suite when creating a DNS01 webhook.
An example Go test file has been provided in main_test.go.
Prepare
$ scripts/fetch-test-binaries.shYou can run the test suite with:
$ TEST_ZONE_NAME=example.com go test .The example file has a number of areas you must fill in and replace with your own options in order for tests to pass.