How do I test a ClusterIssuer solver?

apiVersion: cert-manager.io/v1alpha2
kind: Certificate
 metadata:
  name: certificate-name
spec:
  secretName: tls-cert
  duration: 24h
  renewBefore: 12h
  commonName: hostname
  dnsNames:
  - hostname
  issuerRef:
    name: letsencrypt
    kind: ClusterIssuer

apiVersion: certmanager.k8s.io/v1alpha2
kind: ClusterIssuer
metadata:
  name: letsencrypt
spec:
  acme:
    email: myemail@email.com
    privateKeySecretRef:
      name: letsencrypt-private-key
    server: https://acme-v02.api.letsencrypt.org/directory
    solvers:
    - http01:
        ingress:
          class: nginx
      selector: {}

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    certmanager.k8s.io/acme-challenge-type: http01
    certmanager.k8s.io/cluster-issuer: letsencrypt
  name: ingress-rule
  namespace: default
spec:
  rules:
  - host: hostname
    http:
      paths:
      - backend:
          serviceName: backend-service
          servicePort: 8080
  tls:
  - hosts:
    - hostname
    secretName: tls-cert

The above cited approach worked for me, tls-cert is automatically generated in the intended namespace, the key and certificate both. For this to happen, you should point the IP of nginx loadbalancer to DNS

It worked for me, the acme challenge will get auto tested and the certificate will change it status from false to true, once this gets done

Leave a Comment

tech