Akamai
Edge DNS
Use Edge DNS to solve DNS01 ACME challenges by creating a Secret using Akamai API credentials and an Issuer that references the Secret and sets the solver type.
Create a Secret
The Secret should look like the following for the Issuer to reference. Replace use_akamai_client_secret, use_akamai_access_token and use_akamai_client_token with the respective Akamai API credential values.
apiVersion: v1
kind: Secret
metadata:
name: akamai-secret
type: Opaque
stringData:
clientSecret: use_akamai_client_secret
accessToken: use_akamai_access_token
clientToken: use_akamai_client_token
Create an Issuer
To set Edge DNS for challenge tokens, cert-manager uses an Issuer that references the above Secret and other attributes such as the solver type. The Issuer should look like the following. Replace use_akamai_host with the Akamai API credential host value.
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: letsencrypt-akamai-dns
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
email: contact@me.com
privateKeySecretRef:
name: letsencrypt-akamai-issuer-account-key
solvers:
- dns01:
akamai:
serviceConsumerDomain: use_akamai_host
clientTokenSecretRef:
name: akamai-secret
key: clientToken
clientSecretSecretRef:
name: akamai-secret
key: clientSecret
accessTokenSecretRef:
name: akamai-secret
key: accessToken
Create a Certificate
The Certificate should look like the following and reference the Akamai Edge DNS Issuer above.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: example-zone
spec:
secretName: akamai-crt-secret
dnsNames:
- '*.example.zone'
issuerRef:
name: letsencrypt-akamai-dns
kind: Issuer
Note:
cert-managerwill wait for challenge tokens to propagate across the Edge DNS network. Follow thecertificatestatus with a command such as the following.
kubectl describe certificate example-zone
Troubleshooting
Follow the cert-manager events to identify any issues with a command such as the following.
cmctl status certificate example-zone