Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Switch to using the cert-manager DNS solver by default instead of HTTP #235

Open
bmonkman opened this issue Oct 15, 2021 · 0 comments
Open

Switch to using the cert-manager DNS solver by default instead of HTTP #235

bmonkman opened this issue Oct 15, 2021 · 0 comments
Labels
enhancement New feature or request good first issue Good for newcomers kubernetes

Comments

@bmonkman
Copy link
Contributor

bmonkman commented Oct 15, 2021
edited
Loading

The HTTP solver is handy, and fast in most cases but I think we should move over to using the DNS validator by default.
It can take longer sometimes due to DNS caching, but it is a bit less complex and there are things you just can’t do with the HTTP version, like the chicken-and-egg situation if you need to migrate a domain but you can’t host the validator endpoint on the domain because you haven’t migrated it yet.
This should be easy enough because we already set up the DNS solver as a cluster issuer called clusterissuer-letsencrypt-production-dns. It would require changing the backend projects to use that by modifying the ingress annotation, and then need some testing to make sure it's working. If it works alright, the only change required to this repo would be updating the user-auth ingress to also use the DNS solver.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request good first issue Good for newcomers kubernetes
Projects
Zero - Full project view
Status: Backlog
Milestone
No milestone
Development

No branches or pull requests
1 participant
@bmonkman