Created
September 23, 2025 19:11
Generate a wildcard certificate using Cloudflare DNS and add it to K8s
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
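#!/bin/bash
# Issue a Let's Encrypt certificate for DOMAIN and *.DOMAIN using the
# Cloudflare DNS-01 challenge, then store it in Kubernetes as a TLS secret.
#
# Requires: sudo, kubectl, and certbot with the dns-cloudflare plugin.
# Environment:
#   TOKEN_VALUE  Cloudflare API token (required). Prefer a token scoped to
#                DNS edit on the single zone rather than a global API key.
set -euo pipefail

# ==========================
# Configuration
# ==========================
# The token is a secret, so it is taken from the environment instead of being
# written into the script, where it would end up in version control or a
# shared paste.
: "${TOKEN_VALUE:?export TOKEN_VALUE with the Cloudflare API token}"
EMAIL="test@example.com"
DOMAIN="domain.com"
WILDCARD="*.${DOMAIN}"
CF_INI="cloudflare.ini"

# ==========================
# Create Cloudflare credentials file
# ==========================
# The restrictive umask makes a newly created file private from its first
# byte; writing first and chmod-ing afterwards leaves a window in which the
# token is readable under the default umask.
(
  umask 077
  printf 'dns_cloudflare_api_token = %s\n' "$TOKEN_VALUE" > "$CF_INI"
)
# umask only applies on creation, so also tighten a file that already existed.
chmod 600 "$CF_INI"
# NOTE(review): certbot presumably records this credentials path for renewals,
# so the file is left in place; keep it out of shared or backed-up directories.

# ==========================
# Run Certbot
# ==========================
# Use the dns-cloudflare authenticator so the credentials file above is what
# answers the DNS-01 challenge. With --manual the token would sit on disk
# unused and certbot would prompt for hand-made TXT records instead.
sudo certbot certonly \
  --dns-cloudflare \
  --dns-cloudflare-credentials "$CF_INI" \
  -d "$WILDCARD" \
  -d "$DOMAIN" \
  --agree-tos \
  --no-eff-email \
  -m "$EMAIL"

# ==========================
# Load the certificate into Kubernetes
# ==========================
# Stage the key material in a private temporary directory that is removed on
# every exit path, so no copy of the private key is left in the working
# directory after the secret has been created.
workdir=$(mktemp -d)
cleanup() { rm -rf -- "${workdir:?}"; }
trap cleanup EXIT

live_dir="/etc/letsencrypt/live/${DOMAIN}"
# install sets owner and mode in one step: the copies belong to the invoking
# user (so kubectl, which runs without sudo, can read them) and are 0600.
sudo install -m 0600 -o "$(id -u)" -g "$(id -g)" \
  "${live_dir}/fullchain.pem" "${workdir}/tls.crt"
sudo install -m 0600 -o "$(id -u)" -g "$(id -g)" \
  "${live_dir}/privkey.pem" "${workdir}/tls.key"

# The secret is created in the current kubectl context and namespace; anyone
# allowed to read secrets there can read the private key, so restrict that
# with RBAC. This command fails if the secret already exists.
kubectl create secret tls wildcard-tls-secret \
  --cert="${workdir}/tls.crt" \
  --key="${workdir}/tls.key"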