mirror of
https://github.com/vhaudiquet/homeprod.git
synced 2026-06-27 11:42:38 +00:00
4774208668
- Add Certificate CRDs for vhaudiquet.fr, wildcard, and buildpath.win - Keep semery.fr certs in certificates-secret.yaml (manual until OVH API) - Update Caddyfile to use new TLS certificate paths (tls.crt/tls.key) - Update values.yaml to mount cert-manager secrets for Cloudflare domains - Mount semery.fr certs from caddy-certificates secret with item mappings Certificates for Cloudflare domains will be auto-renewed by cert-manager.
# cert-manager owns the Certificate resources declared in this file and
# re-issues each one automatically ahead of its expiry.
#
# Certificate for the apex name vhaudiquet.fr.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  namespace: caddy
  name: vhaudiquet-fr
spec:
  # Secret in the caddy namespace that receives the issued key pair
  # (tls.crt / tls.key).
  secretName: vhaudiquet-fr-tls
  commonName: vhaudiquet.fr
  dnsNames:
    - vhaudiquet.fr
  # Requested lifetime: 2160h = 90 days. With an ACME issuer this is a
  # request only; the CA decides the validity that is actually issued.
  duration: 2160h
  # Start renewal 360h = 15 days before expiry.
  renewBefore: 360h
  issuerRef:
    kind: ClusterIssuer
    name: letsencrypt-production
  # NOTE(review): spec.privateKey is not set, so whether the private key
  # is regenerated on renewal follows the installed cert-manager default
  # (older releases reuse the key). Consider stating
  # privateKey.rotationPolicy explicitly.
---
# Wildcard certificate for every direct subdomain of vhaudiquet.fr.
# The wildcard does not match the apex name itself, which has its own
# Certificate.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  namespace: caddy
  name: wildcard-vhaudiquet-fr
spec:
  # Secret that receives the issued key pair. This key is valid for any
  # subdomain, so read access to the Secret should stay limited to the
  # workloads that terminate TLS.
  secretName: wildcard-vhaudiquet-fr-tls
  commonName: '*.vhaudiquet.fr'
  dnsNames:
    - '*.vhaudiquet.fr'
  # Requested lifetime: 2160h = 90 days. With an ACME issuer this is a
  # request only; the CA decides the validity that is actually issued.
  duration: 2160h
  # Start renewal 360h = 15 days before expiry.
  renewBefore: 360h
  # ACME validates wildcard names through DNS-01 only.
  # NOTE(review): the ClusterIssuer is defined outside this file; confirm
  # it has a DNS-01 solver covering this zone.
  issuerRef:
    kind: ClusterIssuer
    name: letsencrypt-production
  # NOTE(review): spec.privateKey is not set, so whether the private key
  # is regenerated on renewal follows the installed cert-manager default
  # (older releases reuse the key). Consider stating
  # privateKey.rotationPolicy explicitly.
---
# semery.fr certificates are managed manually in certificates-secret.yaml
# until OVH DNS API credentials are added for DNS-01 challenges.
# They are not renewed automatically, so their expiry has to be tracked
# by hand.
---
# Certificate for buildpath.win.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  namespace: caddy
  name: buildpath-win
spec:
  # Secret in the caddy namespace that receives the issued key pair
  # (tls.crt / tls.key).
  secretName: buildpath-win-tls
  commonName: buildpath.win
  dnsNames:
    - buildpath.win
  # Requested lifetime: 2160h = 90 days. With an ACME issuer this is a
  # request only; the CA decides the validity that is actually issued.
  duration: 2160h
  # Start renewal 360h = 15 days before expiry.
  renewBefore: 360h
  issuerRef:
    kind: ClusterIssuer
    name: letsencrypt-production
  # NOTE(review): spec.privateKey is not set, so whether the private key
  # is regenerated on renewal follows the installed cert-manager default
  # (older releases reuse the key). Consider stating
  # privateKey.rotationPolicy explicitly.