# Filename: clusterissuer.yaml
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-cloudflare # Or choose a different name (e.g., staging)
spec:
  acme:
    # --- Production Let's Encrypt ---
    server: https://acme-v02.api.letsencrypt.org/directory
    # --- Staging Let's Encrypt (use for testing to avoid rate limits) ---
    # server: https://acme-staging-v02.api.letsencrypt.org/directory

    email: jayisjam@gmail.com # Replace with your email address
    privateKeySecretRef:
      name: letsencrypt-cloudflare-private-key

    solvers:
      - dns01:
          cloudflare:
            apiTokenSecretRef:
              # This name MUST match the name of the Secret that Sealed Secrets will create
              name: cloudflare-api-token-secret
              # This key MUST match the key inside the Secret's data
              key: api-token