This guide provides steps for installing cert-manager and setting up various DNS providers with Let's Encrypt using the DNS-01 challenge.

Helm chart users: the chart previously in `helm/` has moved to `somaz94/helm-charts` with multi-issuer / multi-certificate / multi-secret support. Install via `oci://ghcr.io/somaz94/charts/certmanager-letsencrypt` or `https://charts.somaz.blog`. The local `helm/` directory remains for reference only — see `helm/README.md`.

- DNS-01 challenge support for wildcard certificates
- Support for multiple DNS providers: AWS Route53, Google Cloud DNS, Cloudflare
- Plain YAML manifests for hands-on / GitOps workflows
- 90-day certificate lifecycle with automatic 30-day renewal
- ClusterIssuer with ACME Let's Encrypt production endpoint
- Reusable Helm chart published separately at `somaz94/helm-charts`

| Provider | Directory | Documentation |
|---|---|---|
| AWS Route53 | aws/ | Route53 DNS01 |
| Google Cloud DNS | gcp/ | Google CloudDNS |
| Cloudflare | cloudflare/ | Cloudflare DNS01 |

```
certmanager-letsencrypt/
├── aws/                 # AWS Route53 manifests
│   ├── route53-credentials-secret.yaml
│   ├── clusterissuer.yaml
│   ├── certificate.yaml
│   └── ingress.yaml
├── gcp/                 # Google Cloud DNS manifests
│   ├── clouddns-credentials-secret.yaml
│   ├── clusterissuer.yaml
│   ├── certificate.yaml
│   └── ingress.yaml
├── cloudflare/          # Cloudflare manifests
│   ├── cloudflare-api-token-secret.yaml
│   ├── clusterissuer.yaml
│   ├── certificate.yaml
│   └── ingress.yaml
└── helm/                # Legacy Helm chart (deprecated — see helm/README.md)
    ├── values-aws.yaml  # provider example values still useful as DNS-01 schema reference
    ├── values-gcp.yaml
    └── values-cloudflare.yaml
```

To fetch the latest version, consult the official cert-manager releases.

```bash
# Using latest version
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/latest/download/cert-manager.yaml
# Or pin to a specific version (recommended for production)
# kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.17.2/cert-manager.yaml
```

Verify installation:

```bash
kubectl get po -n cert-manager
```

Each provider directory contains the following template files:

| File | Description |
|---|---|
| `*-secret.yaml` | Credentials secret for DNS provider |
| `clusterissuer.yaml` | ClusterIssuer with ACME DNS-01 solver |
| `certificate.yaml` | Certificate resource (90d duration, 30d renewal) |
| `ingress.yaml` | Ingress with TLS configuration |

Refer to each provider's README for detailed setup instructions.
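
As an added illustration (not copied from this repository's manifests), this is how a `clusterissuer.yaml` and `certificate.yaml` pair of the kind listed in the table can look for Cloudflare, with the 90-day duration and 30-day renewal window spelled out. All resource names, the e-mail address, the domain and the Secret name/key are placeholders chosen for the example.

```yaml
# Added example: every name, e-mail and domain below is a placeholder.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    # Let's Encrypt production ACME endpoint
    server: https://acme-v02.api.letsencrypt.org/directory
    email: admin@example.com
    privateKeySecretRef:
      # Secret where cert-manager stores the ACME account key
      name: letsencrypt-prod-account-key
    solvers:
      - dns01:
          cloudflare:
            # For a ClusterIssuer this Secret must live in the
            # cert-manager namespace. Scope the Cloudflare token to
            # Zone:DNS:Edit and Zone:Zone:Read on the needed zones only.
            apiTokenSecretRef:
              name: cloudflare-api-token-secret
              key: api-token
        selector:
          # Limit this solver (and its credentials) to one DNS zone
          dnsZones:
            - example.com
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: wildcard-example-com
  namespace: default
spec:
  secretName: wildcard-example-com-tls   # TLS Secret referenced by the Ingress
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer
  dnsNames:
    - example.com
    - "*.example.com"    # wildcard names require the DNS-01 challenge
  duration: 2160h        # 90 days
  renewBefore: 720h      # renew 30 days before expiry
  privateKey:
    rotationPolicy: Always   # issue a fresh private key on each renewal
```

After applying, `kubectl describe certificate wildcard-example-com -n default` shows the issuance status and any DNS-01 challenge errors.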

The chart in `helm/` is deprecated. Use the centralized version at `somaz94/helm-charts` — published to `https://charts.somaz.blog` (classic Helm repo) and `oci://ghcr.io/somaz94/charts/certmanager-letsencrypt` (OCI registry). The new chart adds multi-issuer / multi-certificate / multi-secret support and a `values.schema.json`.

Install (new location)

```bash
# Recommended: OCI registry (Helm 3.8+)
helm install cert oci://ghcr.io/somaz94/charts/certmanager-letsencrypt \
  --version 0.1.0 \
  --namespace cert-manager \
  -f my-values.yaml
# Alternative: classic Helm repo
helm repo add somaz94 https://charts.somaz.blog
helm install cert somaz94/certmanager-letsencrypt \
  --version 0.1.0 \
  --namespace cert-manager \
  -f my-values.yaml
```

The new chart is not a drop-in replacement — the `values.yaml` shape differs. See the new chart's README and `helm/README.md` for the schema differences and migration notes.

The legacy helm/ directory in this repo remains as a reference (its provider-specific values-*.yaml files still illustrate DNS-01 solver shapes per provider) but receives no further updates.
This project is licensed under the MIT License - see the LICENSE file for details.