From 7498c9558c1454a21ff17152fb7c0fc519527343 Mon Sep 17 00:00:00 2001
From: Joseph Hanson
Date: Wed, 3 Apr 2024 16:11:13 -0500
Subject: [PATCH] Trying ZeroSSL
---
 .../issuers/dnsimple/externalsecret.yaml | 25 ++++++++++++++-----
 ...son-tech.yaml => issuer-zerossl-prod.yaml} | 14 ++++++++---
 2 files changed, 29 insertions(+), 10 deletions(-)
 rename kubernetes/apps/cert-manager/cert-manager/issuers/dnsimple/{issuer-letsencrypt-prod-jahanson-tech.yaml => issuer-zerossl-prod.yaml} (62%)
diff --git a/kubernetes/apps/cert-manager/cert-manager/issuers/dnsimple/externalsecret.yaml b/kubernetes/apps/cert-manager/cert-manager/issuers/dnsimple/externalsecret.yaml
index a2a3d8b..e59a412 100644
--- a/kubernetes/apps/cert-manager/cert-manager/issuers/dnsimple/externalsecret.yaml
+++ b/kubernetes/apps/cert-manager/cert-manager/issuers/dnsimple/externalsecret.yaml
@@ -3,17 +3,30 @@
 apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
 metadata:
- name: dnsimple-api-token
+ name: zerossl-secret
 namespace: cert-manager
 spec:
 secretStoreRef:
 kind: ClusterSecretStore
 name: onepassword-connect
 target:
- name: dnsimple-api-token
+ name: zerossl-secret
 creationPolicy: Owner
- data:
- - secretKey: api-token
- remoteRef:
+ template:
+ engineVersion: v2
+ data:
+ api-token: "{{ .cert_manager_api_token }}"
+ eab-hmac-key: "{{ .zerossl_eab_hmac_key }}"
+ dataFrom:
+ - extract:
 key: DNSimple
- property: cert_manager_api_token
\ No newline at end of file
+ rewrite:
+ - regexp:
+ source: "(.*)"
+ target: "dnsimple_$1"
+ - extract:
+ key: ZeroSSL
+ rewrite:
+ - regexp:
+ source: "(.*)"
+ target: "zerossl_$1"
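Review bot: The `api-token` entry in the added `template.data` block reads `{{ .cert_manager_api_token }}`, but the `dataFrom` rewrite a few lines below prefixes every field extracted from the `DNSimple` item with `dnsimple_`, so the value is presumably only available as `.dnsimple_cert_manager_api_token`. As written the template would either fail to render or produce a Secret without a usable DNSimple token, and the DNS-01 solver that reads `api-token` from `zerossl-secret` could not authenticate. Change the line to `api-token: "{{ .dnsimple_cert_manager_api_token }}"`, and confirm that the `ZeroSSL` item really has a field named `eab_hmac_key`, since that name is not visible in this commit. Because `creationPolicy: Owner` is kept while the ExternalSecret and its target are renamed, the old `dnsimple-api-token` Secret will likely be removed with the old object, so anything else that referenced it needs checking.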
diff --git a/kubernetes/apps/cert-manager/cert-manager/issuers/dnsimple/issuer-letsencrypt-prod-jahanson-tech.yaml b/kubernetes/apps/cert-manager/cert-manager/issuers/dnsimple/issuer-zerossl-prod.yaml
similarity index 62%
rename from kubernetes/apps/cert-manager/cert-manager/issuers/dnsimple/issuer-letsencrypt-prod-jahanson-tech.yaml
rename to kubernetes/apps/cert-manager/cert-manager/issuers/dnsimple/issuer-zerossl-prod.yaml
index 1045576..5ae5ba4 100644
--- a/kubernetes/apps/cert-manager/cert-manager/issuers/dnsimple/issuer-letsencrypt-prod-jahanson-tech.yaml
+++ b/kubernetes/apps/cert-manager/cert-manager/issuers/dnsimple/issuer-zerossl-prod.yaml
@@ -3,14 +3,20 @@
 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
- name: letsencrypt-dnsimple-prod-jahanson-tech
+ name: issuer-zerossl-prod
 spec:
 acme:
+ server: https://acme.zerossl.com/v2/DV90
 email: "joe@veri.dev"
 preferredChain: ""
 privateKeySecretRef:
- name: letsencrypt-dnsimple-production
- server: https://acme-v02.api.letsencrypt.org/directory
+ name: zerossl-production
+ externalAccountBinding:
+ keyID: feJODDijN9gypthMXaHtVA
+ keySecretRef:
+ name: zerossl-secret
+ key: eab-hmac-key
+ keyAlgorithm: HS256
 solvers:
 - dns01:
 webhook:
@@ -18,7 +24,7 @@ spec:
 solverName: dnsimple
 config:
 apiKeySecretRef:
- name: dnsimple-api-token
+ name: zerossl-secret
 key: api-token
 selector:
 dnsZones:
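Review bot: Renaming the ClusterIssuer to `issuer-zerossl-prod` is not accompanied by any change to its consumers: the diffstat shows only two files changed, so any Certificate or Ingress annotation that still names `letsencrypt-dnsimple-prod-jahanson-tech` would stop issuing and renewing once the old issuer is gone. Those references are outside this patch and should be checked before merging. In the added `externalAccountBinding`, `keyAlgorithm: HS256` is documented by cert-manager as deprecated and no longer used, so that line can be dropped. The `keyID` is an identifier and the HMAC key is correctly taken from a Secret; a short comment such as `# EAB key ID (not secret); the HMAC key comes from zerossl-secret` above `keyID` would make that split obvious to the next reader.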
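Review bot: Pointing `apiKeySecretRef` at `zerossl-secret` means the DNSimple webhook solver now reads its token from the same Secret that holds `eab-hmac-key`, so whatever identity the webhook runs as needs read access to the ACME account binding key as well. Keeping the DNSimple token in its own Secret and leaving this reference as `name: dnsimple-api-token` would avoid that coupling. If the single Secret is kept, check that the webhook's RBAC is not restricted by `resourceNames` to the old Secret name; that RBAC is not visible in this patch. The solver block starts before and continues after this hunk.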