--- apiVersion: cert-manager.io/v1 kind: ClusterIssuer metadata: name: letsencrypt-rfc2136 spec: acme: email: {{ .Values.ssl.email }} server: https://acme-v02.api.letsencrypt.org/directory privateKeySecretRef: name: letsencrypt-rfc2136 solvers: - dns01: rfc2136: nameserver: hawke.hxst.com.au:53 tsigKeyName: "hxme-update-key" tsigAlgorithm: HMACSHA512 tsigSecretSecretRef: name: hxme-update-key key: hxme-update-key --- apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: {{ .Values.ssl.secret_name }} namespace: {{ .Release.Namespace }} spec: secretName: {{ .Values.ssl.secret_name }} secretTemplate: annotations: replicator.v1.mittwald.de/replication-allowed: "true" issuerRef: name: letsencrypt-rfc2136 kind: ClusterIssuer commonName: "{{ .Values.global.domain }}" dnsNames: - "{{ .Values.global.domain }}" - "*.{‌{ .Values.global.domain }}"