{"id":37154710,"url":"https://github.com/bratislava/cert-manager-webhook-websupport","last_synced_at":"2026-01-14T18:18:02.396Z","repository":{"id":65518324,"uuid":"592804322","full_name":"bratislava/cert-manager-webhook-websupport","owner":"bratislava","description":"A cert-manager webhook to perform DNS01 challenge through websupport DNS API","archived":false,"fork":false,"pushed_at":"2024-08-23T09:41:30.000Z","size":399,"stargazers_count":4,"open_issues_count":8,"forks_count":1,"subscribers_count":3,"default_branch":"master","last_synced_at":"2024-08-23T10:57:15.495Z","etag":null,"topics":["acme","cert-manager","cert-manager-webhook","websupport"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"eupl-1.2","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bratislava.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2023-01-24T15:18:21.000Z","updated_at":"2024-08-23T09:41:34.000Z","dependencies_parsed_at":"2024-04-03T14:26:23.254Z","dependency_job_id":"865120c2-7b0e-4269-8080-127600cfcc08","html_url":"https://github.com/bratislava/cert-manager-webhook-websupport","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/bratislava/cert-manager-webhook-websupport","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bratislava%2Fcert-manager-webhook-websupport","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bratislava%2Fcert-manager-webhook-websupport/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bratislava%2Fcert-manager-webhook-websupport/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bratislava%2Fcert-manager-webhook-websupport/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bratislava","download_url":"https://codeload.github.com/bratislava/cert-manager-webhook-websupport/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bratislava%2Fcert-manager-webhook-websupport/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28430280,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T16:38:47.836Z","status":"ssl_error","status_checked_at":"2026-01-14T16:34:59.695Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["acme","cert-manager","cert-manager-webhook","websupport"],"created_at":"2026-01-14T18:18:01.637Z","updated_at":"2026-01-14T18:18:02.386Z","avatar_url":"https://github.com/bratislava.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ACME webhook for Websupport DNS\n\nThe ACME issuer type supports an optional 'webhook' solver, which can be used to implement custom [DNS01 challenge](https://letsencrypt.org/docs/challenge-types/#dns-01-challenge) solving logic. This is a implementation of such solver that supports DNS01 challenge with [websupport](https://www.websupport.sk/) DNS API.\n\nMore information about webhooks can be found: https://cert-manager.io/docs/configuration/acme/dns01/webhook/\n\n\u003e [!WARNING]\n\u003e Please note, that this is not official websupport cert-manager webhook, but rather community maintained one.\n\n\u003e [!NOTE]\n\u003e Currently, latest release supports these Kubernetes versions: `v1.22` → `v1.28`.\n\n## Usage\n\nYou have to have a working installation of [cert-manager](https://cert-manager.io/) in your kubernetes cluster, before installing this webhook. You can follow these official [instructions](https://cert-manager.io/docs/installation/) to install it.\n\n### Installation\n\nThis repository contains helm chart for deploying the webhook to kubernetes cluster. It is located in `deploy/` directory. You can build it by running by [Helm](https://helm.sh/), for example\n\n```sh\nhelm template \\\n    --set image.repository=websupport-webhook \\\n    --set image.tag=latest \\\n    --namespace=cert-manager \\\n    cert-manager-webhook-websupport \\\n    deploy/cert-manager-webhook-websupport \u003e manifest.yaml\n```\n\nor with `make` by running \n\n```sh\nmake rendered-manifest\n```\n\nThe latter one will generated the same manifest as you would get with the `helm template` command and will output it to  `_out/` folder. Manifest can then be applied by running\n\n```sh\nkubectl apply -f _out/rendered_manifest.yaml\n```\n\nOr lastly you can install directly through Helm and [GitHub release](https://github.com/bratislava/cert-manager-webhook-websupport/releases)\n\n```sh\nhelm repo add webhook-websupport https://github.com/bratislava/cert-manager-webhook-websupport/releases/download/\u003crelease-name\u003e/\nhelm install cert-manager-webhook-websupport webhook-websupport/cert-manager-webhook-websupport  \n```\n\nThis should install cert-manager into the cluster, to be able to issue certificates under it you need to create an `ClusterIssuer` under the cert-manager.\n\nFirst you need to obtain websupport API credentials: https://www.websupport.sk/podpora/kb/api-keys/. Store them as a secret in the cluster\n\n```sh\nkubectl --namespace cert-manager create secret generic websupport-secret \\\n  --from-literal=\"ApiKey=\u003cobtain-key\u003e\" \\\n  --from-literal=\"ApiSecret=\u003cobtain-secret\u003e\"\n```\n\nand then create `ClusterIssuer` resource, with reference to your secret\n\n```yaml\napiVersion: cert-manager.io/v1\nkind: ClusterIssuer\nmetadata:\n  name: letsencrypt-dns01\nspec:\n  acme:\n    # You must replace this email address with your own.\n    # Let's Encrypt will use this to contact you about expiring\n    # certificates, and issues related to your account.\n    email: contact@example.com\n    server: https://acme-v02.api.letsencrypt.org/directory\n    privateKeySecretRef:\n      name: letsencrypt-issuer-account-key\n    solvers:\n    - dns01:\n        webhook:\n          config:\n            apiKeySecretRef:\n              name: websupport-secret\n          groupName: cert-manager.io\n          solverName: websupport-solver\n```\n\nDepending on the version of your kubernetes and/or your cert-manager you might need to grant additional permissions.\n\n### Issue an certificate\n\nJust create an `Certificate` resource, with issuer name, that you have given to your solver in previous step (in our example it is `letsencrypt-dns01`).\n\n```sh\ncat \u003c\u003cEOF | kubectl create --edit -f -\napiVersion: cert-manager.io/v1\nkind: Certificate\nmetadata:\n  name: example-tls\nspec:\n  secretName: example-com-tls\n  dnsNames:\n  - example.com\n  - \"*.example.com\"\n  issuerRef:\n    name: letsencrypt-dns01\n    kind: ClusterIssuer\nEOF\n```\n\nOr you can do it by annotating you ingress\n\n```yaml\napiVersion: networking.k8s.io/v1\nkind: Ingress\nmetadata:\n  annotations:\n    # add an annotation indicating the issuer to use.\n    cert-manager.io/cluster-issuer: letsencrypt-dns01\n```\n\n## Running the test suite\n\n**:orange_book: Currently, we do not have automated testing, and running the test will just run the [example one](https://github.com/cert-manager/webhook-example). But we are always looking for contribution so please feel free to contribute :smile:.**\n\nAll DNS providers **must** run the DNS01 provider conformance testing suite,\nelse they will have undetermined behaviour when used with cert-manager.\n\n**It is essential that you configure and run the test suite when creating a\nDNS01 webhook.**\n\nAn example Go test file has been provided in [main_test.go](https://github.com/cert-manager/webhook-example/blob/master/main_test.go).\n\nYou can run the test suite with:\n\n```bash\n$ TEST_ZONE_NAME=example.com. make test\n```\n\nThe example file has a number of areas you must fill in and replace with your\nown options in order for tests to pass.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbratislava%2Fcert-manager-webhook-websupport","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbratislava%2Fcert-manager-webhook-websupport","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbratislava%2Fcert-manager-webhook-websupport/lists"}