Akamai
Edge DNS
Use Edge DNS to solve DNS01 ACME challenges by creating a Secret using Akamai API credentials and an Issuer that references the Secret and sets the solver type.
Create a Secret
The Secret should look like the following for the Issuer to reference. Replace use_akamai_client_secret, use_akamai_access_token and use_akamai_client_token with the respective Akamai API credential values.
apiVersion: v1kind: Secretmetadata:name: akamai-secrettype: OpaquestringData:clientSecret: use_akamai_client_secretaccessToken: use_akamai_access_tokenclientToken: use_akamai_client_token
Create an Issuer
To set Edge DNS for challenge tokens, cert-manager uses an Issuer that references the above Secret and other attributes such as the solver type. The Issuer should look like the following. Replace use_akamai_host with the Akamai API credential host value.
apiVersion: cert-manager.io/v1kind: Issuermetadata:name: letsencrypt-akamai-dnsspec:acme:server: https://acme-v02.api.letsencrypt.org/directoryemail: contact@me.comprivateKeySecretRef:name: letsencrypt-akamai-issuer-account-keysolvers:- dns01:akamai:serviceConsumerDomain: use_akamai_hostclientTokenSecretRef:name: akamai-secretkey: clientTokenclientSecretSecretRef:name: akamai-secretkey: clientSecretaccessTokenSecretRef:name: akamai-secretkey: accessToken
Create a Certificate
The Certificate should look like the following and reference the Akamai Edge DNS Issuer above.
apiVersion: cert-manager.io/v1kind: Certificatemetadata:name: example-zonespec:secretName: akamai-crt-secretdnsNames:- '*.example.zone'issuerRef:name: letsencrypt-akamai-dnskind: Issuer
Note:
cert-managerwill wait for challenge tokens to propagate across the Edge DNS network. Follow thecertificatestatus with a command such as the following.
kubectl describe certificate example-zone
Troubleshooting
Follow the cert-manager events to identify any issues with a command such as the following.
cmctl status certificate example-zone
