Cert-manager: Add Support for dnsmadeeasy issuing wildcard certificates
/kind feature
We would lie to use certbot to issue wildcard certificates using ACMEv2 and DNSMadeEasy handling the dns01 challenges.
DNSMadeEasy is supported with this certbot plugin.
DNSMadeEasy api docs are available here:
I have not done any exhaustive search but there is at least one go library available for DNSMadeEasy.
jasonchester
All 15 comments
There's an existing implementation of DNSMadeEasy in the xenolf/lego library too (which is where we've taken most of the existing DNS providers from already): https://github.com/xenolf/lego/tree/master/providers/dns/dnsmadeeasy
Wildcard/acmev2 is being tracked in #309
munnerz
on 9 Apr 2018
Has this issue had any progress? I'm interested in possibly picking it up
AlecTroemel
on 23 May 2018
FYI, we recently completed a DNSMadeEasy provider at SendGrid and will be submitting a PR in the near future.
metrictwo
on 9 Jul 2018
metrictwo
on 28 Aug 2018
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close.
Send feedback to jetstack.
/lifecycle stale
retest-bot
on 26 Nov 2018
Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.
If this issue is safe to close now please do so with /close.
Send feedback to jetstack.
/lifecycle rotten
/remove-lifecycle stale
retest-bot
on 26 Dec 2018
commenting to keep this alive...
AlecTroemel
on 27 Dec 2018
Any news with this update?
macanud0
on 17 Jan 2019
Can someone
/remove-lifecycle rotten
jasonchester
on 17 Jan 2019
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close.
Send feedback to jetstack.
/lifecycle stale
retest-bot
on 8 May 2019
Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.
If this issue is safe to close now please do so with /close.
Send feedback to jetstack.
/lifecycle rotten
/remove-lifecycle stale
retest-bot
on 7 Jun 2019
Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.
Send feedback to jetstack.
/close
retest-bot
on 8 Jul 2019
@retest-bot: Closing this issue.
In response to this:
Rotten issues close after 30d of inactivity.
Reopen the issue with/reopen.
Mark the issue as fresh with/remove-lifecycle rotten.
Send feedback to jetstack.
/close
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
jetstack-bot
on 8 Jul 2019
I am working in a webhook for DNSMadeEasy: https://github.com/angelnu/cert-manager-webhook-dnsmadeeasy
It pass the tests but I am struggling to get it to work:
W0202 19:35:48.057181 1 configmap_cafile_content.go:102] unable to load initial CA bundle for: "client-ca::kube-system::extension-apiserver-authentication::client-ca-file" due to: configmap "extension-apiserver-authentication" not found
W0202 19:35:48.057234 1 configmap_cafile_content.go:102] unable to load initial CA bundle for: "client-ca::kube-system::extension-apiserver-authentication::requestheader-client-ca-file" due to: configmap "extension-apiserver-authentication" not found
I0202 19:35:48.090353 1 configmap_cafile_content.go:205] Starting client-ca::kube-system::extension-apiserver-authentication::requestheader-client-ca-file
I0202 19:35:48.090575 1 shared_informer.go:197] Waiting for caches to sync for client-ca::kube-system::extension-apiserver-authentication::requestheader-client-ca-file
I0202 19:35:48.090762 1 configmap_cafile_content.go:205] Starting client-ca::kube-system::extension-apiserver-authentication::client-ca-file
I0202 19:35:48.090770 1 shared_informer.go:197] Waiting for caches to sync for client-ca::kube-system::extension-apiserver-authentication::client-ca-file
I0202 19:35:48.091546 1 secure_serving.go:178] Serving securely on [::]:443
I0202 19:35:48.091736 1 dynamic_serving_content.go:129] Starting serving-cert::/tls/tls.crt::/tls/tls.key
I0202 19:35:48.091853 1 tlsconfig.go:219] Starting DynamicServingCertificateController
I0202 19:35:48.190821 1 shared_informer.go:204] Caches are synced for client-ca::kube-system::extension-apiserver-authentication::requestheader-client-ca-file
I0202 19:35:48.190910 1 shared_informer.go:204] Caches are synced for client-ca::kube-system::extension-apiserver-authentication::client-ca-file
I0202 19:35:57.835760 1 log.go:172] http: TLS handshake error from 10.40.0.0:60994: remote error: tls: bad certificate
I0202 19:35:57.835943 1 log.go:172] http: TLS handshake error from 10.47.128.2:43820: remote error: tls: bad certificat
If someone wants to try it is likely related to the deployment helm chart. I do not have so much experience with Helm so debugging is slow for me.
angelnu
on 2 Feb 2020
Please re-open this issue.
I had to migrate some domains to cloudflare due to this and some other domains, have to stay in DME. Appreciate if this get implemented.
sanarena
on 16 Dec 2020
Related issues
Azylog
路
3Comments
jbouzekri
路
4Comments
munnerz
路
4Comments
jonathan-kosgei
路
4Comments
kragniz
路
4Comments
Most helpful comment
Fixed by https://github.com/jetstack/cert-manager/pull/859