Try to reuse ACME account key

61e8b353 · Varac · a285398c · 61e8b353
Unverified Commit 61e8b353 authored 3 years ago by Varac
--- a/.gitlab/ci_scripts/install_zerossl_issuer.sh
+++ b/.gitlab/ci_scripts/install_zerossl_issuer.sh
@@ -10,6 +10,7 @@ set -euo pipefail

 # Create secret with HMAC key
 b64secret=$(echo -n "${ZEROSSL_EAB_HMAC_KEY}" | base64 -w0)
+b64tlskey=$(echo -n "${ZEROSSL_TLS_KEY}" | base64 -w0)

 # Wait until cert-manager is ready
 "$(dirname "$0")/retry_cmd_until_success.sh" 30 10 "flux get kustomization --status-selector ready=true --no-header | grep '^core'"
@@ -19,6 +20,14 @@ kubectl apply -n cert-manager -f - <<EOF
 ---
 apiVersion: v1
 kind: Secret
+metadata:
+  namespace: cert-manager
+  name: zerossl-prod
+data:
+  tls.key: ${b64tlskey}
+---
+apiVersion: v1
+kind: Secret
 metadata:
  namespace: cert-manager
  name: zerossl-eabsecret
@@ -38,7 +47,8 @@ spec:
      keySecretRef:
        name: zerossl-eabsecret
        key: secret
-    # Name of a secret used to store the ACME account private key
+    # Name of the secret used to get the ACME account private key
+    disableAccountKeyGeneration: true
    privateKeySecretRef:
      name: zerossl-prod
    solvers: