$ helm install --name godaddy-webhook --namespace cert-manager ./deploy/godaddy-webhook

apiVersion: certmanager.k8s.io/v1alpha1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: <your email>
    privateKeySecretRef:
      name: letsencrypt-prod
    solvers:
    - selector:
        dnsNames:
        - '*.example.com'
      dns01:
        webhook:
          config:
            authApiKey: <your GoDaddy authAPIKey>
            authApiSecretRef:
              name: <secret containing your GoDaddy authApiSecret>
              key: <secret key containing your GoDaddy authApiSecret>
            production: true
            ttl: 600
          groupName: acme.mycompany.com
          solverName: godaddy
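
The Secret that authApiSecretRef points to, with read access limited to that one object, shown as an added example that is not part of the original README or the project's chart. The Secret name, key name, Role name and the godaddy-webhook service account name are assumptions; the cert-manager namespace is the one used in the helm install command.

```yaml
# Added example. Names marked "assumed" do not come from the original page.
apiVersion: v1
kind: Secret
metadata:
  name: godaddy-api-secret          # assumed; use as authApiSecretRef.name
  namespace: cert-manager           # namespace from the helm install command
type: Opaque
stringData:
  # The key name below is assumed; use it as authApiSecretRef.key.
  authApiSecret: <your GoDaddy authApiSecret>
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: godaddy-webhook-secret-reader   # assumed
  namespace: cert-manager
rules:
- apiGroups: [""]
  resources: ["secrets"]
  resourceNames: ["godaddy-api-secret"]  # this Secret only, not every Secret in the namespace
  verbs: ["get"]                          # no list/watch: resourceNames does not scope those reliably
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: godaddy-webhook-secret-reader   # assumed
  namespace: cert-manager
subjects:
- kind: ServiceAccount
  name: godaddy-webhook             # assumed service account of the webhook pod
  namespace: cert-manager
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: godaddy-webhook-secret-reader
```

Keep the filled-in Secret manifest out of version control; only the ClusterIssuer, which holds a reference rather than the secret value, needs to be committed.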
Certificate

apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
  name: wildcard-example-com
spec:
  secretName: wildcard-example-com-tls
  renewBefore: 240h
  dnsNames:
  - '*.example.com'
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer
Ingress

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: example-ingress
  namespace: default
  annotations:
    certmanager.k8s.io/cluster-issuer: "letsencrypt-prod"
spec:
  tls:
  - hosts:
    - '*.example.com'
    secretName: wildcard-example-com-tls
  rules:
  - host: demo.example.com
    http:
      paths:
      - path: /
        backend:
          serviceName: backend-service
          servicePort: 80

All DNS providers must run the DNS01 provider conformance testing suite; otherwise their behaviour when used with cert-manager is undefined.
It is essential that you configure and run the test suite when creating a DNS01 webhook.
An example Go test file has been provided in main_test.go.
Prepare
$ scripts/fetch-test-binaries.sh
You can run the test suite with:
$ TEST_ZONE_NAME=example.com go test .
The example file has a number of areas you must fill in and replace with your own options in order for tests to pass.