--- apiVersion: source.toolkit.fluxcd.io/v1 kind: HelmRepository metadata: name: jetstack namespace: flux-system spec: url: https://charts.jetstack.io interval: 1h --- apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: cert-manager namespace: cert-manager spec: interval: 30m chart: spec: chart: cert-manager version: v1.18.2 sourceRef: kind: HelmRepository name: jetstack namespace: flux-system install: crds: CreateReplace createNamespace: true values: installCRDs: true extraArgs: - --dns01-recursive-nameservers-only - --dns01-recursive-nameservers=8.8.8.8:53,1.1.1.1:53 --- apiVersion: cert-manager.io/v1 kind: ClusterIssuer metadata: name: letsencrypt-rfc2136 spec: acme: email: admin@hxme.net server: https://acme-v02.api.letsencrypt.org/directory privateKeySecretRef: name: letsencrypt-rfc2136 solvers: - dns01: rfc2136: nameserver: hawke.hxst.com.au:53 tsigKeyName: "hxme-update-key" tsigAlgorithm: HMACSHA512 tsigSecretSecretRef: name: hxme-update-key key: hxme-update-key --- apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: wildcard-hxme-net namespace: cert-manager spec: secretName: wildcard-hxme-net secretTemplate: annotations: replicator.v1.mittwald.de/replication-allowed: "true" replicator.v1.mittwald.de/replicate-to: "monitoring,authentik,nextcloud" issuerRef: name: letsencrypt-rfc2136 kind: ClusterIssuer commonName: "hxme.net" dnsNames: - "hxme.net" - "*.hxme.net"