new tls wildcard

2026-05-29 21:58:34 +02:00
parent 6d874111da
commit a7106bc8f4
3 changed files with 41 additions and 1 deletions
--- a/infra/overlays/upc-dev/wildcard-tls-certificate.yaml
+++ b/infra/overlays/upc-dev/wildcard-tls-certificate.yaml
@@ -0,0 +1,38 @@
+---
+# Wildcard Certificate for *.forteapps.net
+# This creates a certificate that covers ALL subdomains of forteapps.net
+# Once created, you can use it for any app like:
+#   - myapp.forteapps.net
+#   - api.forteapps.net
+#   - git.forteapps.net
+#   - vaultwarden.forteapps.net
+#   - etc.
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: wildcard-forteapps-net
+  namespace: cert-manager # Can be in any namespace, cert-manager namespace is common
+spec:
+  # The secret where the TLS certificate will be stored
+  # This secret can be referenced by IngressRoutes in any namespace
+  secretName: wildcard-forteapps-net-tls
+
+  # Use the production issuer (use letsencrypt-staging for testing)
+  issuerRef:
+    name: letsencrypt-prod
+    kind: ClusterIssuer
+
+  # DNS names this certificate will cover
+  # Both wildcard AND apex domain are recommended
+  dnsNames:
+  - '*.forteapps.net' # Covers: myapp.forteapps.net, api.forteapps.net, etc.
+  - 'forteapps.net' # Also include apex domain explicitly
+  # Optional: Configure certificate duration and renewal
+  duration: 2160h0m0s # 90 days (Let's Encrypt default)
+  renewBefore: 720h0m0s # Renew 30 days before expiry
+
+  # Optional: Private key settings
+  privateKey:
+    algorithm: RSA
+    encoding: PKCS1
+    size: 4096