---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-production
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: "${SECRET_LETSENCRYPT_EMAIL}"
    privateKeySecretRef:
      name: letsencrypt-production
    solvers:
      - dns01:
          cloudflare:
            email: "${SECRET_MY_EMAIL}"
            apiTokenSecretRef:
              name: cloudflare-credentials
              key: api-token
        selector:
          dnsZones:
            - "${SECRET_NEW_DOMAIN}"
            - "internal.${SECRET_NEW_DOMAIN}"
            - "*.internal.${SECRET_NEW_DOMAIN}"