certificates: Add darkchestofwonders.us

If I remember to add the _acme-challenge CNAME record *before* applying the Certificate resource, it takes a little under 5 minutes to issue a new certificate.
2023-05-17 08:01:50 -05:00 · 2023-05-17 08:01:50 -05:00 · dbb81fbae7
parent aa758646e0
commit dbb81fbae7
2 changed files with 24 additions and 0 deletions
--- a/cert-manager/cert-exporter.yaml
+++ b/cert-manager/cert-exporter.yaml
@ -33,6 +33,11 @@ data:
      key: certificates/tabitha.biz.key
      cert: certificates/tabitha.biz.crt
      bundle: certificates/tabitha.biz.pem
+    - name: dcow-cert
+      namespace: default
+      key: certificates/darkchestofwonders.us.key
+      cert: certificates/darkchestofwonders.us.crt
+      bundle: certificates/darkchestofwonders.us.pem
  known-hosts-command.ssh_config: |
    KnownHostsCommand /usr/bin/curl -fsL https://files.pyrocufflink.blue/ssh_known_hosts

@ -53,6 +58,7 @@ rules:
  - dustinhatchname-cert
  - hatchchat-cert
  - tabitha-cert
+  - dcow-cert

 ---
 apiVersion: rbac.authorization.k8s.io/v1
--- a/cert-manager/certificates.yaml
+++ b/cert-manager/certificates.yaml
@ -70,3 +70,21 @@ spec:
  privateKey:
    algorithm: ECDSA
    rotationPolicy: Always
+
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: dcow-cert
+spec:
+  secretName: dcow-cert
+  dnsNames:
+  - darkchestofwonders.us
+  - '*.darkchestofwonders.us'
+  issuerRef:
+    group: cert-manager.io
+    kind: ClusterIssuer
+    name: zerossl
+  privateKey:
+    algorithm: ECDSA
+    rotationPolicy: Always