home-server/deployments/ssl/certmanager.yaml

---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: jetstack
  namespace: flux-system
spec:
  url: https://charts.jetstack.io
  interval: 1h
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: cert-manager
  namespace: cert-manager
spec:
  interval: 30m
  chart:
    spec:
      chart: cert-manager
      version: v1.15.0
      sourceRef:
        kind: HelmRepository
        name: jetstack
        namespace: flux-system
  install:
    crds: CreateReplace
    createNamespace: true
  values:
    installCRDs: true
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-rfc2136
spec:
  acme:
    email: admin@hxme.net
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: letsencrypt-rfc2136
    solvers:
    - dns01:
        rfc2136:
          nameserver: hawke.hxst.com.au:53
          tsigKeyName: "hxme-update-key"
          tsigAlgorithm: HMACSHA512
          tsigSecretSecretRef:
            name: hxme-update-key
            key:  hxme-update-key
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: tamcard-cert
  namespace: cert-manager
spec:
  secretName: tamecard-cert-tls
  issuerRef:
    name: letsencrypt-rfc2136
    kind: ClusterIssuer
  commonName: "hxme.net"
  dnsNames:
    - "hxme.net"
# ---
# apiVersion: cert-manager.io/v1
# kind: Certificate
# metadata:
#   name: wildcard-cert
#   namespace: cert-manager
# spec:
#   secretName: wildcard-cert-tls
#   issuerRef:
#     name: letsencrypt-rfc2136
#     kind: ClusterIssuer
#   commonName: "*.hxme.net"
#   dnsNames:
#     - "*.hxme.net"
i like the trips here 2025-07-02 00:48:26 +10:00			`---`
auto ssl 2025-07-02 00:44:38 +10:00			`apiVersion: source.toolkit.fluxcd.io/v1`
			`kind: HelmRepository`
			`metadata:`
			`name: jetstack`
			`namespace: flux-system`
			`spec:`
			`url: https://charts.jetstack.io`
			`interval: 1h`
			`---`
			`apiVersion: helm.toolkit.fluxcd.io/v2`
			`kind: HelmRelease`
			`metadata:`
			`name: cert-manager`
			`namespace: cert-manager`
			`spec:`
			`interval: 30m`
			`chart:`
			`spec:`
			`chart: cert-manager`
			`version: v1.15.0`
			`sourceRef:`
			`kind: HelmRepository`
			`name: jetstack`
			`namespace: flux-system`
			`install:`
			`crds: CreateReplace`
			`createNamespace: true`
			`values:`
			`installCRDs: true`
			`---`
			`apiVersion: cert-manager.io/v1`
			`kind: ClusterIssuer`
			`metadata:`
			`name: letsencrypt-rfc2136`
			`spec:`
			`acme:`
			`email: admin@hxme.net`
			`server: https://acme-v02.api.letsencrypt.org/directory`
			`privateKeySecretRef:`
			`name: letsencrypt-rfc2136`
			`solvers:`
			`- dns01:`
			`rfc2136:`
oops navmeservers to nameserver 2025-07-02 23:52:14 +10:00			`nameserver: hawke.hxst.com.au:53`
quote name idk why 2025-07-02 23:36:35 +10:00			`tsigKeyName: "hxme-update-key"`
ChatGPT will never take over my job. 2025-07-02 23:39:32 +10:00			`tsigAlgorithm: HMACSHA512`
auto ssl 2025-07-02 00:44:38 +10:00			`tsigSecretSecretRef:`
Set name lazy tired i hate ddns why doesnt it just run as the user i asked but hwatever thatnks debian for changing default behaviors i guess this has nothingto do with this though im tire.d 2025-07-02 23:29:17 +10:00			`name: hxme-update-key`
Update key 2025-07-02 17:36:41 +10:00			`key: hxme-update-key`
auto ssl 2025-07-02 00:44:38 +10:00			`---`
			`apiVersion: cert-manager.io/v1`
			`kind: Certificate`
			`metadata:`
name new to avoid ze overlaps 2025-07-03 00:14:45 +10:00			`name: tamcard-cert`
auto ssl 2025-07-02 00:44:38 +10:00			`namespace: cert-manager`
			`spec:`
name new to avoid ze overlaps 2025-07-03 00:14:45 +10:00			`secretName: tamecard-cert-tls`
auto ssl 2025-07-02 00:44:38 +10:00			`issuerRef:`
			`name: letsencrypt-rfc2136`
			`kind: ClusterIssuer`
Remove one of the wildcards I think 2025-07-02 23:49:36 +10:00			`commonName: "hxme.net"`
auto ssl 2025-07-02 00:44:38 +10:00			`dnsNames:`
smart enough to ask me to add it to the list. not smart enough to add it itself. 2025-07-02 23:54:19 +10:00			`- "hxme.net"`
Test a theory 2025-07-03 00:17:36 +10:00			`# ---`
			`# apiVersion: cert-manager.io/v1`
			`# kind: Certificate`
			`# metadata:`
			`# name: wildcard-cert`
			`# namespace: cert-manager`
			`# spec:`
			`# secretName: wildcard-cert-tls`
			`# issuerRef:`
			`# name: letsencrypt-rfc2136`
			`# kind: ClusterIssuer`
			`# commonName: "*.hxme.net"`
			`# dnsNames:`
			`# - "*.hxme.net"`