
Integrate with Kubernetes to get certificates using cert-manager via the ACMEv2 protocol.

Before you begin

Create a certificate profile for 3rd-party ACME client enrollment to get the required ACME URL and EAB credentials.

Download the sample scripts

Download the package and extract the contents of the ZIP file to get the sample scripts, digicert_acme_cert_main.yml and get-cert.yml.

Configure the script

  1. Create an installation directory and extract or copy the digicert_acme_cert_main.yml and get-cert.yml scripts into it.

  2. Customize the sample script digicert_acme_cert_main.yml or use it to create your own script file.

  3. Specify the certificate parameters in the script under vars:

    • cert_cn: Common name of the certificate.

    • contact_email: Email ID of the admin.

    • eab_kid: External account binding (EAB) key identifier from your certificate profile in Trust Lifecycle Manager.

    • eab_key: EAB HMAC from your certificate profile.

    Optionally, you can specify other parameters and update the default settings:

    • data_dir: Location of the default data directory in the installation directory where all generated keys and issued certificates are stored. You can change it to your preferred location.

      For example:

      data/
        accountkey.pem
        {{cert_cn}}.csr
        {{cert_cn}}.key
        {{cert_cn}}.pem
        {{cert_cn}}-chain.pem
        {{cert_cn}}-fullchain.pem

    • subject_alt_name: Specify the Subject Alternative Names (SANs) you wish to secure with this certificate.

Request a certificate

Run the following Ansible playbook command from the installation directory where you set up your script:

  • As root user: ansible-playbook digicert_acme_cert_main.yml

  • As non-root user: ansible-playbook --become-user <BECOME_USER> digicert_acme_cert_main.yml

Your certificate is issued and stored in the data directory.
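
Once the playbook has run, the data directory holds two private keys (the ACME account key and the certificate key), so check that neither is readable by group or other users. The script below is an added example, not part of the DigiCert sample package; it assumes the default file names listed under data_dir, and the function names and script name are hypothetical.

```shell
#!/bin/sh
# Added example: audit the data directory written by the playbook.
# Usage: sh audit-data-dir.sh <data_dir> <cert_cn>   (script name is hypothetical)

# Print the octal permission bits of a file (GNU stat first, then BSD stat).
file_mode() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# Return 0 when the layout is sound, 1 when any finding is reported.
audit_data_dir() {
    dir=$1
    cn=$2
    findings=0

    # Private keys: the ACME account key and the certificate key.
    for f in "$dir/accountkey.pem" "$dir/${cn}.key"; do
        if [ ! -f "$f" ]; then
            echo "MISSING  $f"; findings=$((findings + 1)); continue
        fi
        mode=$(file_mode "$f")
        case $mode in
            0|*00) ;;  # no group or other permission bits set
            *) echo "EXPOSED  $f (mode $mode, expected 600 or stricter)"
               findings=$((findings + 1)) ;;
        esac
    done

    # Public artifacts: must exist and be non-empty to be deployable.
    for f in "$dir/${cn}.pem" "$dir/${cn}-chain.pem" "$dir/${cn}-fullchain.pem"; do
        [ -s "$f" ] || { echo "MISSING  $f"; findings=$((findings + 1)); }
    done

    [ "$findings" -eq 0 ]
}

# Run the audit only when both arguments are supplied.
if [ "$#" -ge 2 ]; then
    audit_data_dir "$1" "$2"
fi
```

A non-zero exit status means at least one finding was printed, which makes the script usable as a post-issuance gate in automation.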