cert-manager

Introduction

cert-manager manages certificates inside the cluster. It provides CRDs for automatically requesting Let's Encrypt certificates for domains. Shortly before the certificates expire, cert-manager also takes care of renewing them for me.

Example of kind Certificate
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: auth.${DOMAIN_INTERNAL}
  namespace: authelia
spec:
  secretName: auth.${DOMAIN_INTERNAL}
  dnsNames:
    - auth.${DOMAIN_INTERNAL}
  issuerRef:
    kind: ClusterIssuer
    name: lets-encrypt-production

Because the target domains are not reachable from outside my home network, cert-manager is configured to use the DNS challenge to verify domain ownership.

Created Resources

| Kind | Name |
| --- | --- |
| Namespace | cert-manager |
| HelmRelease | cert-manager |
| Secret | cloudflare-api-token |
| ClusterIssuer | lets-encrypt-production, lets-encrypt-staging |
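
A ClusterIssuer that solves the DNS challenge through Cloudflare, using the issuer and Secret names listed under Created Resources, could look like the following. This is an added example, not the manifest from this repository; the e-mail address, the account-key Secret name, the `api-token` key and the `example.com` zone are assumptions.

```yaml
# Added example: staging issuer using the Cloudflare DNS-01 solver.
# Values marked "assumption" are placeholders, not taken from the page.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: lets-encrypt-staging
spec:
  acme:
    # Let's Encrypt staging endpoint; the production issuer uses
    # https://acme-v02.api.letsencrypt.org/directory instead.
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    email: admin@example.com                    # assumption
    privateKeySecretRef:
      # Secret in which cert-manager stores the ACME account key.
      name: lets-encrypt-staging-account-key    # assumption
    solvers:
      - dns01:
          cloudflare:
            # For a ClusterIssuer this Secret is read from the
            # cert-manager namespace (the default cluster resource
            # namespace). Scope the Cloudflare token to
            # Zone:Zone:Read and Zone:DNS:Edit on the one zone it
            # has to write TXT records for, not the whole account.
            apiTokenSecretRef:
              name: cloudflare-api-token
              key: api-token                    # assumption
        selector:
          # Only use this solver for names inside this zone, so a
          # Certificate for an unrelated domain cannot trigger it.
          dnsZones:
            - example.com                       # assumption
```

Because validation happens through a TXT record in the public DNS zone, the internal hosts never need to accept inbound connections. Testing a new Certificate against the staging issuer first keeps failed attempts from counting against the production rate limits.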

CLI

cert-manager has a great CLI tool, cmctl, for interacting with the controller running inside the cluster. The installation guide can be found in the cert-manager documentation.

Example usage of cert-manager CLI

$ cmctl renew <certificate>
You can find more information on this command in their docs.

$ cmctl status certificate -n <namespace> <certificate>
You can find more information on this command in their docs.