Version 1.18.0 of the CoreWeave cert-manager Helm chart, which bundles version 1.4.0 of theDocumentation Index
Fetch the complete documentation index at: https://docs.coreweave.com/llms.txt
Use this file to discover all available pages before exploring further.
cert-issuers subchart, switches the bundled Let’s Encrypt ClusterIssuers from HTTP01 to DNS01 challenges. DNS01 is solved through a CoreWeave webhook at acme.coreweave.com, so cert-manager no longer needs to present a challenge token over HTTP through a temporary Ingress.
Overview
Previous versions of the chart configured the bundledletsencrypt-prod and letsencrypt-staging ClusterIssuers to use the HTTP01 ingress solver. That solver required a working ingress controller and a publicly reachable Ingress so the ACME CA server could fetch a challenge token over HTTP. With version 1.18.0, the bundled issuers use a webhook-based DNS01 solver instead.
Changes
- DNS01 challenges by default: Bundled
letsencrypt-prodandletsencrypt-stagingClusterIssuersuse adns01.webhooksolver. - Ingress controller no longer required for certificate issuance: The
HTTP01ingress solver is no longer used, so an ingress controller such as Traefik is no longer a prerequisite for issuing a certificate. An ingress controller is still required to serve HTTPS traffic, but cert-manager can request and renew certificates before one is deployed. - Wildcard certificates supported: The
DNS01challenge type supports wildcard certificates, which were not possible with the previousHTTP01configuration. - No public challenge endpoint: Because the challenge is resolved through DNS, cert-manager does not create a temporary Ingress or expose a token over HTTP during issuance.
Upgrade
Upgrade to the new chart version with Helm:Certificate resources that reference the bundled letsencrypt-prod or letsencrypt-staging ClusterIssuers are reissued through DNS01 on the next renewal. Custom ClusterIssuers and Issuers defined outside the bundled set are unchanged.