HTTP01 Challenge ProviderΒΆ

In order to allow HTTP01 challenges to be solved, we must enable the HTTP01 challenge provider on our Issuer resource.

This is done through setting the http01 field on the issuer.spec.acme stanza. Cert-manager will then attempt to solve ACME HTTP-01 challenges by using Ingress resources

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
apiVersion: certmanager.k8s.io
kind: Issuer
metadata:
  name: example-issuer
spec:
  acme:
    email: user@example.com
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: example-issuer-account-key
    http01: {}

Todo

Write a full description of how HTTP01 challenge validation works