A cert-manager sample repository for creating an ACME DNS01 solver webhook

castlecraft/cert-manager-webhook-godaddy

 
 

ACME webhook for GoDaddy

Installation

$ helm install godaddy-webhook --namespace cert-manager ./deploy/godaddy-webhook --set groupName=acme.mycompany.com

ClusterIssuer

apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: <your email>
    privateKeySecretRef:
      name: letsencrypt-prod
    solvers:
    - selector:
        dnsNames:
        - '*.example.com'
      dns01:
        webhook:
          config:
            authApiKey: <your GoDaddy authAPIKey>
            authApiSecret: <your GoDaddy authApiSecret>
            production: true
            ttl: 600
          groupName: acme.mycompany.com
          solverName: godaddy

Note: Set groupName to the same value that was passed to --set groupName during the Helm chart installation.
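
The ClusterIssuer above carries authApiKey and authApiSecret inline and must use the same groupName as the Helm install. The check below is an added example, not part of this repository: it scans a manifest for filled-in credential values and a mismatched groupName before the file is committed or shared. The function name lint_issuer and the sample values are assumptions made for illustration.

```python
import re

# Constructed sample: the solver config from this README with a made-up
# credential value and a groupName that differs from the Helm install.
SAMPLE = """\
      dns01:
        webhook:
          config:
            authApiKey: EXAMPLEKEY123
            authApiSecret: <your GoDaddy authApiSecret>
            production: true
            ttl: 600
          groupName: acme.example.org
          solverName: godaddy
"""

CREDENTIAL_KEYS = {"authApiKey", "authApiSecret"}
PLACEHOLDER = re.compile(r"^<.*>$")          # e.g. <your GoDaddy authAPIKey>
KEY_VALUE = re.compile(r"^\s*([A-Za-z0-9_]+):\s*(.*?)\s*$")


def lint_issuer(manifest: str, helm_group_name: str) -> list:
    """Return findings for a ClusterIssuer manifest using the godaddy solver.

    Hypothetical helper: a line-based scan, not a full YAML parser.
    """
    findings = []
    group_names = []
    for lineno, line in enumerate(manifest.splitlines(), start=1):
        line = line.split(" #", 1)[0]        # drop trailing YAML comments
        match = KEY_VALUE.match(line)
        if not match:
            continue
        key, value = match.group(1), match.group(2).strip("'\"")
        if key in CREDENTIAL_KEYS and value and not PLACEHOLDER.match(value):
            # Report the key and line only, never the credential itself.
            findings.append(f"line {lineno}: {key} holds a literal credential")
        elif key == "groupName":
            group_names.append(value)
            if value != helm_group_name:
                findings.append(
                    f"line {lineno}: groupName {value!r} != Helm value {helm_group_name!r}")
    if not group_names:
        findings.append("no groupName found in manifest")
    return findings


if __name__ == "__main__":
    for finding in lint_issuer(SAMPLE, "acme.mycompany.com"):
        print(finding)
```
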

Ingress

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: example-ingress
  namespace: default
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
  tls:
  - hosts:
    - '*.example.com'
    secretName: wildcard-example-com-tls
  rules:
  - host: demo.example.com
    http:
      paths:
      - path: /
        backend:
          serviceName: backend-service
          servicePort: 80

Certificate

apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
  name: wildcard-example-com
spec:
  secretName: wildcard-example-com-tls
  renewBefore: 240h
  dnsNames:
  - '*.example.com'
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer

Note: Use the cert-manager.io/cluster-issuer annotation on the Ingress to automate certificate creation.

Development

Running the test suite

All DNS providers must run the DNS01 provider conformance testing suite; otherwise their behaviour when used with cert-manager is undetermined.

It is essential that you configure and run the test suite when creating a DNS01 webhook.

An example Go test file has been provided in main_test.go.

Prepare

$ scripts/fetch-test-binaries.sh

You can run the test suite with:

$ TEST_ZONE_NAME=example.com go test .

The example file has a number of areas you must fill in and replace with your own options in order for tests to pass.
