cert-manager vs. ACME protocol

2/22/2022

Trying to understand how cert-manager is different from the ACME protocol since both do the same thing. Does cert-manager use the ACME protocol?

We have our domain DNS in GoDaddy, a Kubernetes cluster in Oracle Cloud OCI and cert-manager and we use a cluster issuer (let's encrypt is the CA).

As far as I know, GoDaddy doesn't support acme protocol then how is HTTP-01 validation happening.

-- kachwa
acme
cert-manager
devops
kubernetes
ssl-certificate

1 Answer

2/22/2022

I suppose you are referring to cert-manager, the Kubernetes operator for dealing with TLS certificates. cert-manager implements the ACME client protocol defined in the RFC 8555.

As for the support of the ACME protocol by GoDaddy, I suppose you are referring to https://letsencrypt.org/docs/godaddy/:

If you use GoDaddy shared web hosting, it’s currently very difficult to install a Let’s Encrypt certificate. That’s because GoDaddy doesn’t support the ACME protocol for automated certificate issuance and renewal.

As I understand it, you registered your domain on GoDaddy, and your domain zone is hosted in GoDaddy's DNS service. Since you are not using GoDaddy's shared web hosting, you are not affected by the lack of ACME support when using GoDaddy's shared web hosting. You can safely use cert-manager's HTTP-01 or DNS-01 ACME solvers.

-- maelvls
Source: StackOverflow