Step 1: Register an acme-dns account
curl -s -X POST https://auth.acme-dns.io/register
Response (keep it; the Secret in step 3 needs these values):
{"username":"xxx","password":"xxx","fulldomain":"xxx.auth.acme-dns.io","subdomain":"xxx","allowfrom":[]}
Step 2: Add the DNS record:
The record type is CNAME
The name is _acme-challenge
The value is "xxx.auth.acme-dns.io"
Step 3: Create the ClusterIssuer
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod-dns01
spec:
  acme:
    # The ACME server URL
    server: https://acme-v02.api.letsencrypt.org/directory
    # Email address used for ACME registration
    email: user@example.com  # placeholder: replace with your own address
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-prod
    # Enable the DNS-01 challenge provider (acme-dns)
    solvers:
      # An empty 'selector' means that this solver matches all domains
      - selector: {}
        dns01:
          acmeDNS:
            accountSecretRef:
              name: auth-acme-dns-io-credentials
              key: acmedns.json
            host: https://auth.acme-dns.io
---
apiVersion: v1
kind: Secret
metadata:
  name: auth-acme-dns-io-credentials
  namespace: cert-manager
stringData:
  acmedns.json: |
    {
      "${CLUSTER_DOMAIN_NAME}": {
        "username": "${ACME_DNS_USERNAME}",
        "password": "${ACME_DNS_PASSWORD}",
        "fulldomain": "${ACME_DNS_SUBDOMAIN}.auth.acme-dns.io",
        "subdomain": "${ACME_DNS_SUBDOMAIN}",
        "allowfrom": []
      }
    }
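Added example (not from the original post, and not cert-manager or acme-dns code): a Python helper that turns the step 1 registration response into the acmedns.json content for the Secret, lists the CNAME records from step 2, and reports accounts with an empty allowfrom. The function names and the sample values are constructed for illustration; domains are assumed to be plain, non-wildcard names.

```python
import json

REQUIRED = ("username", "password", "fulldomain", "subdomain")


def build_acmedns_json(registration: str, domains: list[str]) -> dict:
    """Map each certificate domain to the registration (acmedns.json layout)."""
    reg = json.loads(registration)
    missing = [k for k in REQUIRED if not reg.get(k)]
    if missing:
        raise ValueError(f"registration response lacks: {missing}")
    # fulldomain must be <subdomain>.<acme-dns zone>; otherwise the CNAME
    # target from step 2 would point at a name this account cannot update.
    if not reg["fulldomain"].startswith(reg["subdomain"] + "."):
        raise ValueError("fulldomain does not begin with subdomain")
    reg.setdefault("allowfrom", [])
    out = {}
    for name in domains:
        name = name.strip().rstrip(".").lower()
        if not name or name.startswith("*"):
            raise ValueError(f"expected a plain domain name, got {name!r}")
        out[name] = dict(reg)
    return out


def cname_records(acmedns: dict) -> list[tuple[str, str]]:
    """(record name, target) pairs to create at the DNS provider (step 2)."""
    return [(f"_acme-challenge.{d}.", f"{r['fulldomain']}.")
            for d, r in sorted(acmedns.items())]


def open_update_source(acmedns: dict) -> list[str]:
    """Domains whose account has an empty allowfrom, i.e. TXT updates are
    not restricted to any source CIDR range."""
    return sorted(d for d, r in acmedns.items() if not r["allowfrom"])


if __name__ == "__main__":
    # Constructed sample response; real values come from step 1.
    sample = json.dumps({"username": "u-constructed", "password": "p-constructed",
                         "fulldomain": "abc123.auth.acme-dns.io",
                         "subdomain": "abc123", "allowfrom": []})
    cfg = build_acmedns_json(sample, ["example.com"])
    print(json.dumps(cfg, indent=2))  # paste under stringData.acmedns.json
    for name, target in cname_records(cfg):
        print(f"{name} CNAME {target}")
    print("no allowfrom restriction:", open_update_source(cfg))
```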
References:
- https://github.com/gandazgul/k8s-infrastructure/blob/a69f0a0adc82579bd04c7dcee0b7edbf9b4aad67/infrastructure/cert-manager/issuers/LetsEncryptProdDNSIssuer.yaml
- https://github.com/joohoi/acme-dns?tab=readme-ov-file
- https://cert-manager.io/docs/configuration/acme/dns01/acme-dns/