This solver plug in for cert-manager is used on kubernetes to resolve letsencrypt DNS challenges considering your domain is hosted by NS1 managed DNS. API documentation is here
- go >= 1.16.0
- helm >= v3.0.0
- kubernetes >= v1.21.0
- cert-manager >= v1.6.1
Log in on ns1.com and obtain an api secret, so create a k8s secret with index api-key on cert-manager namespace, such as:
kubectl create secret generic ns1-api-secret --from-literal=api-key='xxxxxxx' -n cert-managerhelm install --namespace cert-manager cert-manager-webhook-ns1 deploy/ns1-webhook/ --set groupName=acme.mydomain.comhelm uninstall --namespace cert-manager cert-manager-webhook-ns1 deploy/ns1-webhook/Note: The kubernetes resources used to install the Webhook should be deployed within the same namespace as the cert-manager.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-ns1
spec:
acme:
# The ACME server URL
server: https://acme-v02.api.letsencrypt.org/directory # production server, change to staging for tests
# Email address used for ACME registration
email: [email protected] # REPLACE THIS WITH YOUR EMAIL!!!
# Name of a secret used to store the ACME account private key
privateKeySecretRef:
name: letsencrypt-ns1
solvers:
- dns01:
webhook:
groupName: acme.mydomain.com
solverName: ns1
config:
apiKeySecretRef: ns1-api-secret
zoneName: mydomain.comapiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: cert-tls
namespace: orb-live
spec:
dnsNames:
- '*.mydomain.com'
- mydomain.com
issuerRef:
name: letsencrypt-ns1
kind: ClusterIssuer
secretName: cert-tlsapiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/permanent-redirect: "https://mydomain.com/"
name: endpoint-redirect
spec:
ingressClassName: nginx
tls:
- hosts:
- app.mydomain.com
secretName: cert-tls
rules:
- host: app.mydomain.com