From d271b2468514f98a5045b72b8c3226d7b388e023 Mon Sep 17 00:00:00 2001
From: "Guillaume B.B. Van Hemmen" <GuillaumeHemmen@noreply.git.van-hemmen.com>
Date: Thu, 26 Dec 2024 22:20:42 +0100
Subject: [PATCH] #0000 - Switch ACME server to production and add staging
 ClusterIssuer

Switched the ACME server to Let's Encrypt production for certificate issuance. Added a new ClusterIssuer resource for staging to support testing without hitting rate limits.
---
 cert-manager.yaml | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/cert-manager.yaml b/cert-manager.yaml
index 6d4aabc..0386e09 100644
--- a/cert-manager.yaml
+++ b/cert-manager.yaml
@@ -6,7 +6,7 @@ metadata:
 spec:
   acme:
     email: acme@van-hemmen.com
-    # We use the staging server here for testing to avoid hitting
+    # We use the production server here
     server: https://acme-v02.api.letsencrypt.org/directory
     privateKeySecretRef:
       # if not existing, it will register a new account and stores it
@@ -16,3 +16,22 @@ spec:
           # The ingressClass used to create the necessary ingress routes
           ingress:
             class: traefik
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-staging
+  namespace: cert-manager
+spec:
+  acme:
+    email: acme@van-hemmen.com
+    # We use the staging server here for testing to avoid hitting rate limiting
+    server: https://acme-staging-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      # if not existing, it will register a new account and stores it
+      name: letsencrypt-staging
+    solvers:
+      - http01:
+          # The ingressClass used to create the necessary ingress routes
+          ingress:
+            class: traefik