---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-production
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: "${SECRET_LETSENCRYPT_EMAIL}"
    privateKeySecretRef:
      name: letsencrypt-production
    solvers:
#      - http01:
#          ingress:
#            class: traefik
      - dns01:
          cloudflare:
            email: "${SECRET_MY_EMAIL}"
            apiTokenSecretRef:
              name: cloudflare-credentials
              key: api-token
        selector:
          dnsZones:
            - "${SECRET_NEW_DOMAIN}"