update hetzner webhook

53ll/values.yaml.gotmpl

@@ -62,7 +62,7 @@ extraDeploy:
     spec:
       secretName: 53ll-ca-tls
       issuerRef:
-        name: letsencrypt-53ll
+        name: letsencrypt
         kind: ClusterIssuer
       dnsNames:
         - 53ll.ca

cert-manager-issuers/templates/clusterissuers.yaml

@@ -6,83 +6,25 @@ metadata:
 type: Opaque
 stringData:
   api-key: {{ .Values.hetzner.apiToken }}
+  
 ---
+
 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
-  name: letsencrypt-incngrnt
+  name: letsencrypt
 spec:
   acme:
     server: https://acme-v02.api.letsencrypt.org/directory
     email: {{ .Values.acme.email }}
     privateKeySecretRef:
-      name: letsencrypt-incngrnt-private-key
+      name: letsencrypt-private-key
     solvers:
       - dns01:
           webhook:
             groupName: acme.hetzner.com
             solverName: hetzner
             config:
-              secretName: hetzner-dns-credentials
-              zoneName: incngrnt.ca
-              apiUrl: https://dns.hetzner.com/api/v1
----
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
-  name: letsencrypt-goatchat
-spec:
-  acme:
-    server: https://acme-v02.api.letsencrypt.org/directory
-    email: {{ .Values.acme.email }}
-    privateKeySecretRef:
-      name: letsencrypt-goatchat-private-key
-    solvers:
-      - dns01:
-          webhook:
-            groupName: acme.hetzner.com
-            solverName: hetzner
-            config:
-              secretName: hetzner-dns-credentials
-              zoneName: goatchat.ca
-              apiUrl: https://dns.hetzner.com/api/v1
----
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
-  name: letsencrypt-53ll
-spec:
-  acme:
-    server: https://acme-v02.api.letsencrypt.org/directory
-    email: {{ .Values.acme.email }}
-    privateKeySecretRef:
-      name: letsencrypt-53ll-private-key
-    solvers:
-      - dns01:
-          webhook:
-            groupName: acme.hetzner.com
-            solverName: hetzner
-            config:
-              secretName: hetzner-dns-credentials
-              zoneName: 53ll.ca
-              apiUrl: https://dns.hetzner.com/api/v1
----
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
-  name: letsencrypt-kgnot
-spec:
-  acme:
-    server: https://acme-v02.api.letsencrypt.org/directory
-    email: {{ .Values.acme.email }}
-    privateKeySecretRef:
-      name: letsencrypt-kgnot-private-key
-    solvers:
-      - dns01:
-          webhook:
-            groupName: acme.hetzner.com
-            solverName: hetzner
-            config:
-              secretName: hetzner-dns-credentials
-              zoneName: kgnot.ca
-              apiUrl: https://dns.hetzner.com/api/v1
+              tokenSecretKeyRef:
+                name: hetzner-dns-credentials
+                key: api-key

gitea/values.yaml.gotmpl

@@ -78,7 +78,7 @@ extraDeploy:
   spec:
     secretName: git-incngrnt-ca-tls
     issuerRef:
-      name: letsencrypt-incngrnt
+      name: letsencrypt
       kind: ClusterIssuer
     dnsNames:
       - git.incngrnt.ca

helmfile.d/01-infrastructure.lock

@@ -4,8 +4,8 @@ dependencies:
     repository: https://charts.jetstack.io
     version: v1.19.3
   - name: cert-manager-webhook-hetzner
-    repository: https://vadimkim.github.io/cert-manager-webhook-hetzner
-    version: 1.4.2
+    repository: https://charts.hetzner.cloud
+    version: 0.6.5
   - name: rook-ceph
     repository: https://charts.rook.io/release
     version: v1.19.1
@@ -18,5 +18,5 @@ dependencies:
   - name: traefik
     repository: https://traefik.github.io/charts
     version: 39.0.1
-digest: sha256:8e957e53313a9832ece6030a561a98b95cced7a24454275cff91185f6fe42bc3
-generated: "2026-02-13T16:55:03.955849282-07:00"
+digest: sha256:25cfabc26443318cee8abd19ddbc5a46a6b35df903e879b8b089f07e8e4c4114
+generated: "2026-02-17T14:10:49.890917241-07:00"

helmfile.d/01-infrastructure.yaml

@@ -7,8 +7,8 @@ repositories:
     url: https://pkgs.tailscale.com/helmcharts
   - name: jetstack
     url: https://charts.jetstack.io
-  - name: cert-manager-webhook-hetzner
-    url: https://vadimkim.github.io/cert-manager-webhook-hetzner
+  - name: hcloud 
+    url: https://charts.hetzner.cloud
 
 lockFilePath: ./helmfile.d/01-infrastructure.lock
 releases:
@@ -28,9 +28,7 @@ releases:
   - name: cert-manager-webhook-hetzner
     namespace: cert-manager
     createNamespace: true
-    chart: cert-manager-webhook-hetzner/cert-manager-webhook-hetzner
-    values:
-      - ../cert-manager-hetzner-webhook/values.yaml.gotmpl
+    chart: hcloud/cert-manager-webhook-hetzner
   - name: cert-manager-issuers
     namespace: cert-manager
     createNamespace: true

kgnot/values.yaml.gotmpl

@@ -64,7 +64,7 @@ extraDeploy:
     spec:
       secretName: kgnot-ca-tls
       issuerRef:
-        name: letsencrypt-kgnot
+        name: letsencrypt
         kind: ClusterIssuer
       dnsNames:
         - kgnot.ca

traefik/values.yaml.gotmpl

@@ -116,7 +116,7 @@ extraObjects:
     spec:
       secretName: fog-incngrnt-ca-tls
       issuerRef:
-        name: letsencrypt-incngrnt
+        name: letsencrypt
         kind: ClusterIssuer
       dnsNames:
         - fog.incngrnt.ca
@@ -130,7 +130,7 @@ extraObjects:
     spec:
       secretName: goatchat-ca-tls
       issuerRef:
-        name: letsencrypt-goatchat
+        name: letsencrypt
         kind: ClusterIssuer
       dnsNames:
         - goatchat.ca
@@ -142,7 +142,7 @@ extraObjects:
     spec:
       secretName: incngrnt-ca-tls
       issuerRef:
-        name: letsencrypt-incngrnt
+        name: letsencrypt
         kind: ClusterIssuer
       dnsNames:
         - incngrnt.ca
@@ -154,7 +154,7 @@ extraObjects:
     spec:
       secretName: photos-incngrnt-ca-tls
       issuerRef:
-        name: letsencrypt-incngrnt
+        name: letsencrypt
         kind: ClusterIssuer
       dnsNames:
         - photos.incngrnt.ca