apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-staging
  namespace: cert-manager
spec:
  acme:
    email: "admin@kaisers.info" # replace this
    privateKeySecretRef:
      name: "staging-issuer-account-key"
    server: "https://acme-staging-v02.api.letsencrypt.org/directory"
    solvers:
      - dns01:
          webhook:
            # This group needs to be configured when installing the helm package, otherwise the webhook won't have permission to create an ACME challenge for this API group.
            groupName: acme.kaisers.info
            solverName: hetzner
            config:
              secretName: hetzner-secret
              zoneName: kaisers.info # (Optional): When not provided the Zone will searched in Hetzner API by recursion on full domain name
              apiUrl: https://dns.hetzner.com/api/v1
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
  namespace: cert-manager
spec:
  acme:
    email: "admin@kaisers.info" # replace this
    privateKeySecretRef:
      name: "prod-issuer-account-key"
    server: "https://acme-v02.api.letsencrypt.org/directory"
    solvers:
      - http01:
          ingress:
            class: "traefik"
            ingressTemplate:
              metadata:
                annotations:
                  kubernetes.io/ingress.class: "traefik"
                  traefik.ingress.kubernetes.io/router.tls: "true"
                  traefik.ingress.kubernetes.io/frontend-entry-points: "https"
                  traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
                  #traefik.ingress.kubernetes.io/redirect-entry-point: "https"