I would like to integrate my ejabberd server into my Kubernetes cluster.
My server runs on the main domain example.com and is routed with a few DNS records such as _xmpp-server._tcp.example.com, which is updated from my IPfire and forwards the required ports to the ejabberd server.
Up to now I have copied certificates from my hoster to ejabberd via a cron job. But now cert-manager should do this, and that is where my problem is at the moment.
The port used to solve the ACME challenge for my main domain points to my hoster, because the website is still running there. Is there a way to solve the second challenge for example.com with cert-manager on my bare-metal Kubernetes home server anyway?
I am vaguely familiar with cert-manager. But can't Kubernetes use certs you obtain somewhere else, so you can just continue copying the cert from your hoster? Searching the Kubernetes docs I see references to custom certs which seem applicable.
Error creating new order :: Cannot issue for "_test.example.com": Domain name contains an invalid character
Although that specific hostname containing underscores is probably for an SRV RR which would point to the actual Jabber server. So I'm guessing the SRV hostname doesn't require a certificate itself, only the hostname in its contents, right?
The DNS name shown is most likely an SRV RR. There is no need to obtain a certificate for an SRV RR; it's a dynamically constructed lookup query only used for service discovery. The actual certificate would be issued for a proper FQDN.
I used the exact same wording from your request ("delegate the challenge").
If the end result points to the correct IP, then yes.
If not, then you need to make that happen.
"Delegation" is a term typically used with DNS zones.
We spoke about port 53 [TCP and UDP] - those are DNS ports.
If you can run your own DNS server, then you can handle the DNS authentication within it [locally].
But you would first have to "delegate" the DNS authority of a single name (or an entire folder/sub-zone) to your IP.
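As an added example (not from any poster in this thread), the two points above put together: the certificate is requested for the SRV target name (example.com), never for the _xmpp-server._tcp owner name, and the DNS-01 challenge for example.com is delegated to a DNS server on the home network that cert-manager updates directly. It assumes a hypothetical home DNS server at 192.0.2.53 (RFC2136 dynamic updates, TSIG key named acme-update-key) and an ejabberd namespace; the issuer name, secret names and e-mail address are placeholders.

```yaml
# Delegation records the hoster has to publish in the example.com zone
# (assumed names; only the _acme-challenge label is handed to the home server,
# the website and the rest of the zone stay at the hoster):
#
#   _acme-challenge.example.com.  IN NS  ns1.home.example.com.
#   ns1.home.example.com.         IN A   203.0.113.10     ; public IP of the home network
#
# The home DNS server is authoritative for the _acme-challenge.example.com
# sub-zone and accepts TSIG-signed updates from the cluster on port 53 TCP/UDP.
# The SRV record itself (_xmpp-server._tcp.example.com) is left untouched;
# its owner name contains underscores and is not a valid certificate identifier.
---
apiVersion: v1
kind: Secret
metadata:
  name: acme-tsig
  namespace: cert-manager
type: Opaque
stringData:
  # base64 TSIG secret generated for the home DNS server (placeholder value)
  tsig-secret-key: REPLACE_WITH_TSIG_SECRET
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-dns01
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: admin@example.com          # placeholder contact address
    privateKeySecretRef:
      name: letsencrypt-dns01-account-key
    solvers:
    - selector:
        dnsZones:
        - example.com                 # use this solver only for names in the main zone
      dns01:
        # If the hoster delegates with a CNAME instead of an NS record
        # (_acme-challenge.example.com CNAME <name in a zone you control>),
        # Follow makes cert-manager write the TXT record at the CNAME target.
        cnameStrategy: Follow
        rfc2136:
          nameserver: 192.0.2.53:53   # home DNS server, reachable from the cluster
          tsigKeyName: acme-update-key
          tsigAlgorithm: HMACSHA512
          tsigSecretSecretRef:
            name: acme-tsig
            key: tsig-secret-key
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: ejabberd-tls
  namespace: ejabberd
spec:
  # cert-manager stores tls.crt/tls.key here; mount this Secret into the ejabberd pod
  secretName: ejabberd-tls
  issuerRef:
    name: letsencrypt-dns01
    kind: ClusterIssuer
  dnsNames:
  - example.com                       # the FQDN the SRV record points clients to
  # NOT _xmpp-server._tcp.example.com: the CA rejects it ("invalid character")
```

With this in place the HTTP port 80 challenge is never needed, so the website can stay at the hoster; only the _acme-challenge name is answered from the home network, and cert-manager renews the Secret automatically instead of the cron job copying files.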