homelab/deployment/infrastructure/cert-issuers.yaml

---
# NOTE: Secret 'digitalocean-dns-token' must be created manually in cert-manager namespace:
#   kubectl create secret generic digitalocean-dns-token \
#     --from-literal=access-token=<YOUR_DO_TOKEN> \
#     -n cert-manager
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  annotations: {}
  name: letsencrypt-prod
spec:
  acme:
    email: dan.vandachevici@gmail.com
    privateKeySecretRef:
      name: letsencrypt-prod-account-key
    server: https://acme-v02.api.letsencrypt.org/directory
    solvers:
    - dns01:
        digitalocean:
          tokenSecretRef:
            key: access-token
            name: digitalocean-dns-token
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  annotations: {}
  name: letsencrypt-staging
spec:
  acme:
    email: dan.vandachevici@gmail.com
    privateKeySecretRef:
      name: letsencrypt-staging-account-key
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    solvers:
    - dns01:
        digitalocean:
          tokenSecretRef:
            key: access-token
            name: digitalocean-dns-token