wild-cloud/setup/cluster/cert-manager/kustomize/letsencrypt-prod-dns01.yaml

---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    email: paul@payne.io
    privateKeySecretRef:
      name: letsencrypt-prod
    server: https://acme-v02.api.letsencrypt.org/directory
    solvers:
    # DNS-01 solver for wildcard certificates
    - dns01:
        cloudflare:
          email: paul@payne.io
          apiTokenSecretRef:
            name: cloudflare-api-token
            key: api-token
      selector:
        dnsZones:
        - "payne.io"
    # Keep the HTTP-01 solver for non-wildcard certificates
    - http01:
        ingress:
          class: traefik