Cert-manager: Add Let's Encrypt as SSL certificate provider #16

Closed
ricsanfre opened this issue Nov 26, 2021 · 2 comments · Fixed by #78

@ricsanfre
Owner

Enhancement Request

Add Let's Encrypt as SSL certificate provider to the cert-manager configuration

Implementation details

Let's Encrypt provides publicly validated TLS certificates for free. There is no need to generate self-signed SSL certificates for the websites that are not automatically validated by HTTP browsers.
Let's Encrypt uses two mechanisms to validate that we own the DNS domain before issuing the certificate: DNS validation or HTTP validation. HTTP validation implies opening my home cluster services to the Internet, which is not a valid option for my home lab. DNS validation should be used instead.

Cert-manager supports several DNS providers by default to automatically configure the requested DNS record challenge. To support additional DNS providers, webhooks can be developed. See the supported list and further documentation here.

IONOS, my DNS server provider, is not in the list of supported ones.

In Dec 2020, IONOS launched an API for remotely configuring DNS, so the integration could be possible, as detailed in this post. This new API can also be used for developing a Certbot plugin (Certbot is open-source software to automate the interaction with Let's Encrypt). See the git repository (https://github.com/helgeerbe/certbot-dns-ionos).

Unfortunately, the IONOS API is part of a beta program that is not yet available in my location (Spain).

@ricsanfre ricsanfre added enhancement New feature or request blocked Implementation is blocked because some reason labels Nov 26, 2021
@ricsanfre ricsanfre added this to the backlog milestone Mar 22, 2022
@ricsanfre
Owner Author

The IONOS API is already available in Spain. Get started document

@ricsanfre ricsanfre removed the blocked Implementation is blocked because some reason label Sep 15, 2022
@ricsanfre
Owner Author

About IONOS support in cert-manager as DNS01 challenge provider

IONOS is not in the list of providers supported by cert-manager.

cert-manager also supports other DNS providers using an external webhook.

IONOS is not in the list of supported ones, but there is a GitHub project providing an IONOS cert-manager webhook.
