A webhook to use Vercel DNS Manager as a DNS01 ACME Issuer for cert-manager.
helm install cert-manager-webhook-vercel \
--namespace cert-manager \
https://github.com/rhythmbhiwani/cert-manager-webhook-vercel/releases/download/cert-manager-webhook-vercel-v1.1.1/cert-manager-webhook-vercel-v1.1.1.tgzGet your vercel token from https://vercel.com/account/tokens with proper scope
kubectl create secret generic vercel-credentials \
--namespace=cert-manager \
--from-literal=token=<VERCEL TOKEN>apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-staging
spec:
acme:
server: https://acme-staging-v02.api.letsencrypt.org/directory
email: example@example.com
privateKeySecretRef:
name: letsencrypt-staging
solvers:
- dns01:
cnameStrategy: Follow
webhook:
config:
apiKeySecretRef:
key: token
name: vercel-credentials
teamId: ""
teamSlug: ""
groupName: acme.rhythmbhiwani.in
solverName: vercelFill appropriate details above in the config. If your domains are under specific team, you can enter their teamId or teamSlug or both.
If your domains are not using CNAME, then you can remove the line cnameStrategy: Follow.
Conformance testing is achieved through Kubernetes emulation via the kubebuilder-tools suite, in conjunction with real calls to the Vercel API on an test domain, using a valid API token.
The test configures a cert-manager-dns01-tests TXT entry, attempts to verify its presence, and removes the entry, thereby verifying the Prepare and CleanUp functions.
Run the test suite with:
export VERCEL_TOKEN=$(echo -n "<your API token>" | base64 -w 0)
envsubst < testdata/vercel/secret.yaml.example > testdata/vercel/secret.yaml
TEST_ZONE_NAME=yourdomain.com. make test