Similar questions have been asked before, but I am not sure if I understood the answers.
I have created the wildcard certs for my domain on my local laptop, created a Kubernetes secret and applied that to the ingress controller.
I want to automate the renewal. Every 90 days, I want a CI/CD pipeline to get new certs and update the secret.
My questions are (and I am trying to think through the automation process):
- do I upload the certs/keys to a bucket
- create a certbot container in a CI/CD pipeline, download the contents from the bucket
- renew the certs
- update the Kubernetes secrets
- upload the new certs/keys to the bucket?
Is there a better way to automate the process?
Is there a flaw (security, permissions, etc.)?
Can I incorporate the certbot Docker image (somehow, so I don’t have to maintain my own image)?
I am new to Let's Encrypt, and I might not be asking all the right questions.