Trying ZeroSSL

kubernetes/apps/cert-manager/cert-manager/issuers/dnsimple/externalsecret.yaml

@@ -3,17 +3,30 @@
 apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
 metadata:
-  name: dnsimple-api-token
+  name: zerossl-secret
   namespace: cert-manager
 spec:
   secretStoreRef:
     kind: ClusterSecretStore
     name: onepassword-connect
   target:
-    name: dnsimple-api-token
+    name: zerossl-secret
     creationPolicy: Owner
-  data:
-    - secretKey: api-token
-      remoteRef:
+    template:
+      engineVersion: v2
+      data:
+        api-token: "{{ .cert_manager_api_token }}"
+        eab-hmac-key: "{{ .zerossl_eab_hmac_key }}"
+  dataFrom:
+    - extract:
         key: DNSimple
-        property: cert_manager_api_token
+      rewrite:
+        - regexp:
+            source: "(.*)"
+            target: "dnsimple_$1"
+    - extract:
+        key: ZeroSSL
+      rewrite:
+        - regexp:
+            source: "(.*)"
+            target: "zerossl_$1"

kubernetes/apps/cert-manager/cert-manager/issuers/dnsimple/issuer-zerossl-prod.yaml

@@ -3,14 +3,20 @@
 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
-  name: letsencrypt-dnsimple-prod-jahanson-tech
+  name: issuer-zerossl-prod
 spec:
   acme:
+    server: https://acme.zerossl.com/v2/DV90
     email: "joe@veri.dev"
     preferredChain: ""
     privateKeySecretRef:
-      name: letsencrypt-dnsimple-production
-    server: https://acme-v02.api.letsencrypt.org/directory
+      name: zerossl-production
+    externalAccountBinding:
+      keyID: feJODDijN9gypthMXaHtVA
+      keySecretRef:
+        name: zerossl-secret
+        key: eab-hmac-key
+      keyAlgorithm: HS256
     solvers:
       - dns01:
           webhook:
@@ -18,7 +24,7 @@ spec:
             solverName: dnsimple
             config:
               apiKeySecretRef:
-                name: dnsimple-api-token
+                name: zerossl-secret
                 key: api-token
         selector:
           dnsZones: