Convox Community

Custom clusterissuer/letsencrypt configuration for Kubernetes (to use dns-01 solver)

I got the Cloudflare DNS-01 solver working for cert-manager: Cloudflare | cert-manager

I did this by running kubectl edit clusterissuer/letsencrypt and changing the solvers config:

    solvers:
    - dns01:
        cloudflare:
          apiTokenSecretRef:
            key: api-token
            name: cloudflare-api-token-secret
          email: <my email>

This works great. I was able to practice a zero downtime migration by provisioning SSL certificates in advance, and then I could switch the DNS records safely and seamlessly transition to my new servers.

I just noticed that the config seems to overwritten after a little while and it goes back to the default of http01. Can you please add support for custom solvers here? I would like to continue using the Cloudflare dns01 solver.


I found the configuration template here: convox/cert-manager-letsencrypt.yml.tmpl at master · convox/convox · GitHub

Alternatively, is it possible to fork Convox so that I can update this template, and install the forked Convox in my Rack?