apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
name: certificate-name
spec:
secretName: tls-cert
duration: 24h
renewBefore: 12h
commonName: hostname
dnsNames:
- hostname
issuerRef:
name: letsencrypt
kind: ClusterIssuer
apiVersion: certmanager.k8s.io/v1alpha2
kind: ClusterIssuer
metadata:
name: letsencrypt
spec:
acme:
email: myemail@email.com
privateKeySecretRef:
name: letsencrypt-private-key
server: https://acme-v02.api.letsencrypt.org/directory
solvers:
- http01:
ingress:
class: nginx
selector: {}
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
certmanager.k8s.io/acme-challenge-type: http01
certmanager.k8s.io/cluster-issuer: letsencrypt
name: ingress-rule
namespace: default
spec:
rules:
- host: hostname
http:
paths:
- backend:
serviceName: backend-service
servicePort: 8080
tls:
- hosts:
- hostname
secretName: tls-cert
The above cited approach worked for me, tls-cert is automatically generated in the intended namespace, the key and certificate both. For this to happen, you should point the IP of nginx loadbalancer to DNS
It worked for me, the acme challenge will get auto tested and the certificate will change it status from false to true, once this gets done