Skip to content



cert-manager is used to manage certificates inside the cluster. It provides CRDs for automated requests of Let's Encrypt certificates for domains. Right before the certificates reach their expiration date, cert-manager also takes care of renewing them for me.

Example of kind Certificate
kind: Certificate
  name: auth.${DOMAIN_INTERNAL}
  namespace: authelia
  secretName: auth.${DOMAIN_INTERNAL}
    - auth.${DOMAIN_INTERNAL}
    kind: ClusterIssuer
    name: lets-encrypt-production

Due to the fact that the target domains are not reachable outside my home network cert-manager is configured to use the DNS challenge for verifying the ownership.

Created Resources

Kind Name
Namespace cert-manager
HelmRelease cert-manager
Secret cloudflare-api-token
ClusterIssuer lets-encrypt-production, lets-encrypt-staging


cert-manager has a great CLI tool to interact with the controller running inside the cluster. The installation guide can be found here.

Example usage of cert-manager CLI

$ cmctl renew <certificate>
You can find more information on this command in their docs.

$ cmctl status certificate -n <namespace> <certificate>
You can find more information on this command in their docs.