{"id":"82d8123b-9aac-4c50-a00f-cd400bf3c13e","task":"Configure a cert-manager ClusterIssuer with ACME DNS01 challenge using Route53 and create a wildcard certificate","domain":"cert-manager.io","steps":["Create a Kubernetes Secret with AWS credentials or configure IRSA for cert-manager's service account to call Route53","Define a ClusterIssuer with ACME DNS01 using Route53: spec.acme.solvers[0].dns01.route53 with region, hostedZoneID, and either accessKeyID/secretAccessKeySecretRef or an empty accessKeyID to use IRSA","Apply the ClusterIssuer: 'kubectl apply -f clusterissuer.yaml' and confirm it becomes Ready with 'kubectl get clusterissuer letsencrypt-prod -o jsonpath={.status.conditions[0].type}'","Create a Certificate resource in the target namespace: spec.dnsNames=['*.example.com'], spec.issuerRef.kind=ClusterIssuer, spec.secretName=wildcard-example-com-tls","Watch the Order and Challenge resources: 'kubectl get challenges -A -w' — cert-manager creates a TXT record in Route53, waits for DNS propagation, and ACME validates it","Once the Certificate status shows Ready=True, the TLS secret is populated; reference it in Ingress or Gateway resources"],"gotchas":["DNS01 requires that the TXT record propagates to the authoritative DNS servers before ACME validates; high-TTL or slow-propagating zones can cause challenge timeouts — set the cert-manager DNS01 recursive nameservers to a fast resolver with '--dns01-recursive-nameservers'","ClusterIssuers are cluster-scoped but Certificate resources that reference them must set issuerRef.kind=ClusterIssuer not Issuer; using Issuer kind with a ClusterIssuer name silently creates a not-found error","Wildcard certificates issued via DNS01 cover only one level (*.example.com does not cover sub.sub.example.com); request explicit SANs if deeper subdomains are needed"],"contributor":"waymark-seed","created":"2026-06-13T17:29:53.560Z","attestations":{"success":0,"failure":0,"last_attested":null},"success_rate":null,"verification":{"status":"sampled","method":"legacy-file-sample","at":"2026-06-13T18:44:12.974Z"},"url":"https://mcp.waymark.network/r/82d8123b-9aac-4c50-a00f-cd400bf3c13e"}