zachomedia / cert-manager-webhook-pdns

A PowerDNS webhook for cert-manager
MIT License

TLS insecure for PDNS URL #15

Closed bbusioc closed 2 years ago

bbusioc commented 2 years ago

Hello,

I'm trying to use your webhook, but I ran into an issue. The PowerDNS URL certificate is signed by an internal CA, and this leads to an error when I try to create a certificate. Is there any way to set up an insecure SSL connection towards DNS, or to somehow add the internal CA to a trust store? I'm not managing the PDNS, so I have no information about it or any possibility to update the certificate that's used for the URL. I just got a URL and an API-KEY.

Thanks, Bogdan

zachomedia commented 2 years ago

@bbusioc I can explore some options on enabling this out of the box. For now, though, if you want to get it working, I think you can build a custom image and add your certificate to it. Should be something like:

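```dockerfile
FROM zachomedia/cert-manager-webhook-pdns:v2.0.1
# Add the internal CA to the image's local CA directory.
# The destination uses a .crt extension: Debian's update-ca-certificates only picks up *.crt files.
COPY internalca.pem /usr/local/share/ca-certificates/internalca.crt
# Rebuild the system trust store so it includes the internal CA.
RUN /usr/sbin/update-ca-certificates
```

zachomedia commented 2 years ago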

@bbusioc Turns out this was easily implemented and I ended up having some time tonight. There is now a new field on the issuer definition that will allow you to specify a custom CA bundle (base64 encoded CA certificate).

Example: https://github.com/zachomedia/cert-manager-webhook-pdns#issuerclusterissuer
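
What trusting a base64-encoded CA bundle amounts to on the client side, as an added Go example that is not part of this thread or the webhook's source. `clientForCABundle` and `demo` are hypothetical names, trusting only the supplied bundle is an assumption rather than the webhook's documented behaviour, and the local TLS server is constructed to stand in for a PowerDNS API behind an internal CA.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"encoding/base64"
	"encoding/pem"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// clientForCABundle (hypothetical helper, not the webhook's code) builds an
// HTTP client that trusts only the CAs in a base64-encoded PEM bundle.
func clientForCABundle(b64 string) (*http.Client, error) {
	pemBytes, err := base64.StdEncoding.DecodeString(b64)
	if err != nil {
		return nil, fmt.Errorf("CA bundle is not valid base64: %w", err)
	}
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(pemBytes) {
		return nil, fmt.Errorf("CA bundle contains no PEM certificates")
	}
	// Verification stays enabled; only the trust anchors change.
	cfg := &tls.Config{RootCAs: pool, MinVersion: tls.VersionTLS12}
	return &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}, nil
}

// demo runs a constructed local TLS server whose certificate is not in any
// system store, then connects with the default client and the bundle client.
func demo() (defaultErr, pinnedErr error) {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, "ok")
	}))
	defer srv.Close()
	block := &pem.Block{Type: "CERTIFICATE", Bytes: srv.Certificate().Raw}
	bundle := base64.StdEncoding.EncodeToString(pem.EncodeToMemory(block))
	_, defaultErr = http.Get(srv.URL) // system trust store: rejected
	client, err := clientForCABundle(bundle)
	if err != nil {
		return defaultErr, err
	}
	resp, pinnedErr := client.Get(srv.URL)
	if pinnedErr == nil {
		resp.Body.Close()
	}
	return defaultErr, pinnedErr
}

func main() { fmt.Println(demo()) }
```

The default client fails with an unknown-authority error while the bundle client connects, without ever disabling certificate verification.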

zachomedia commented 2 years ago

Version 2.1.0 (helm chart 2.1.1) was released with this new feature.

bbusioc commented 2 years ago

Thanks a lot for your quick action. It works, I just tested. Have a nice day!