From dece1c54aa19ab28553250c5e8c89b6f533f86ee Mon Sep 17 00:00:00 2001 From: Grant Hunter <5445379+grantdhunter@users.noreply.github.com> Date: Tue, 17 Feb 2026 14:50:24 -0700 Subject: [PATCH] update hetzner webhook --- 53ll/values.yaml.gotmpl | 2 +- .../templates/clusterissuers.yaml | 72 ++----------------- gitea/values.yaml.gotmpl | 2 +- helmfile.d/01-infrastructure.lock | 8 +-- helmfile.d/01-infrastructure.yaml | 8 +-- kgnot/values.yaml.gotmpl | 2 +- traefik/values.yaml.gotmpl | 8 +-- 7 files changed, 21 insertions(+), 81 deletions(-) diff --git a/53ll/values.yaml.gotmpl b/53ll/values.yaml.gotmpl index 9e2c69e..904b29e 100644 --- a/53ll/values.yaml.gotmpl +++ b/53ll/values.yaml.gotmpl @@ -62,7 +62,7 @@ extraDeploy: spec: secretName: 53ll-ca-tls issuerRef: - name: letsencrypt-53ll + name: letsencrypt kind: ClusterIssuer dnsNames: - 53ll.ca \ No newline at end of file diff --git a/cert-manager-issuers/templates/clusterissuers.yaml b/cert-manager-issuers/templates/clusterissuers.yaml index b2b04b4..8e4c767 100644 --- a/cert-manager-issuers/templates/clusterissuers.yaml +++ b/cert-manager-issuers/templates/clusterissuers.yaml 
@@ -6,83 +6,25 @@ metadata: type: Opaque stringData: api-key: {{ .Values.hetzner.apiToken }} + --- + apiVersion: cert-manager.io/v1 kind: ClusterIssuer metadata: - name: letsencrypt-incngrnt + name: letsencrypt spec: acme: server: https://acme-v02.api.letsencrypt.org/directory email: {{ .Values.acme.email }} privateKeySecretRef: - name: letsencrypt-incngrnt-private-key + name: letsencrypt-private-key solvers: - dns01: webhook: groupName: acme.hetzner.com solverName: hetzner config: - secretName: hetzner-dns-credentials - zoneName: incngrnt.ca - apiUrl: https://dns.hetzner.com/api/v1 ---- -apiVersion: cert-manager.io/v1 -kind: ClusterIssuer -metadata: - name: letsencrypt-goatchat -spec: - acme: - server: https://acme-v02.api.letsencrypt.org/directory - email: {{ .Values.acme.email }} - privateKeySecretRef: - name: letsencrypt-goatchat-private-key - solvers: - - dns01: - webhook: - groupName: acme.hetzner.com - solverName: hetzner - config: - secretName: hetzner-dns-credentials - zoneName: goatchat.ca - apiUrl: https://dns.hetzner.com/api/v1 ---- -apiVersion: cert-manager.io/v1 -kind: ClusterIssuer -metadata: - name: letsencrypt-53ll -spec: - acme: - server: https://acme-v02.api.letsencrypt.org/directory - email: {{ .Values.acme.email }} - privateKeySecretRef: - name: letsencrypt-53ll-private-key - solvers: - - dns01: - webhook: - groupName: acme.hetzner.com - solverName: hetzner - config: - secretName: hetzner-dns-credentials - zoneName: 53ll.ca - apiUrl: https://dns.hetzner.com/api/v1 ---- -apiVersion: cert-manager.io/v1 -kind: ClusterIssuer -metadata: - name: letsencrypt-kgnot -spec: - acme: - server: https://acme-v02.api.letsencrypt.org/directory - email: {{ .Values.acme.email }} - privateKeySecretRef: - name: letsencrypt-kgnot-private-key - solvers: - - dns01: - webhook: - groupName: acme.hetzner.com - solverName: hetzner - config: - secretName: hetzner-dns-credentials - zoneName: kgnot.ca - apiUrl: https://dns.hetzner.com/api/v1 + tokenSecretKeyRef: + name: 
hetzner-dns-credentials + key: api-key diff --git a/gitea/values.yaml.gotmpl b/gitea/values.yaml.gotmpl index 9e8d079..a338003 100644 --- a/gitea/values.yaml.gotmpl +++ b/gitea/values.yaml.gotmpl @@ -78,7 +78,7 @@ extraDeploy: spec: secretName: git-incngrnt-ca-tls issuerRef: - name: letsencrypt-incngrnt + name: letsencrypt kind: ClusterIssuer dnsNames: - git.incngrnt.ca diff --git a/helmfile.d/01-infrastructure.lock b/helmfile.d/01-infrastructure.lock index 278af3d..9d24740 100644 --- a/helmfile.d/01-infrastructure.lock +++ b/helmfile.d/01-infrastructure.lock @@ -4,8 +4,8 @@ dependencies: repository: https://charts.jetstack.io version: v1.19.3 - name: cert-manager-webhook-hetzner - repository: https://vadimkim.github.io/cert-manager-webhook-hetzner - version: 1.4.2 + repository: https://charts.hetzner.cloud + version: 0.6.5 - name: rook-ceph repository: https://charts.rook.io/release version: v1.19.1 @@ -18,5 +18,5 @@ dependencies: - name: traefik repository: https://traefik.github.io/charts version: 39.0.1 -digest: sha256:8e957e53313a9832ece6030a561a98b95cced7a24454275cff91185f6fe42bc3 -generated: "2026-02-13T16:55:03.955849282-07:00" +digest: sha256:25cfabc26443318cee8abd19ddbc5a46a6b35df903e879b8b089f07e8e4c4114 +generated: "2026-02-17T14:10:49.890917241-07:00" diff --git a/helmfile.d/01-infrastructure.yaml b/helmfile.d/01-infrastructure.yaml index e8bbcdd..30a8380 100644 --- a/helmfile.d/01-infrastructure.yaml +++ b/helmfile.d/01-infrastructure.yaml @@ -7,8 +7,8 @@ repositories: url: https://pkgs.tailscale.com/helmcharts - name: jetstack url: https://charts.jetstack.io - - name: cert-manager-webhook-hetzner - url: https://vadimkim.github.io/cert-manager-webhook-hetzner + - name: hcloud + url: https://charts.hetzner.cloud lockFilePath: ./helmfile.d/01-infrastructure.lock releases: 
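Review bot: The merged `letsencrypt` ClusterIssuer in cert-manager-issuers/templates/clusterissuers.yaml has a single dns01 solver with no `selector`, so the one-zone-per-issuer scoping that the removed `zoneName` entries appear to have provided is gone. A ClusterIssuer is cluster-scoped, so a Certificate in any namespace that names `letsencrypt` can now request a name in any zone the token in `hetzner-dns-credentials` is able to edit. Adding `selector.dnsZones` with the four zones from the removed issuers keeps issuance limited to them, as in the fence below. Whether the existing `api-key` value is a token the new webhook accepts is not visible here, since the old `apiUrl` is dropped, so confirm that before rollout.

```yaml
      solvers:
        - dns01:
            # … unchanged: webhook groupName, solverName and config.tokenSecretKeyRef …
          selector:
            dnsZones:
              - incngrnt.ca
              - goatchat.ca
              - 53ll.ca
              - kgnot.ca
```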
@@ -28,9 +28,7 @@ releases: - name: cert-manager-webhook-hetzner namespace: cert-manager createNamespace: true - chart: cert-manager-webhook-hetzner/cert-manager-webhook-hetzner - values: - - ../cert-manager-hetzner-webhook/values.yaml.gotmpl + chart: hcloud/cert-manager-webhook-hetzner - name: cert-manager-issuers namespace: cert-manager createNamespace: true diff --git a/kgnot/values.yaml.gotmpl b/kgnot/values.yaml.gotmpl index c9a76c6..3ba518d 100644 --- a/kgnot/values.yaml.gotmpl +++ b/kgnot/values.yaml.gotmpl @@ -64,7 +64,7 @@ extraDeploy: spec: secretName: kgnot-ca-tls issuerRef: - name: letsencrypt-kgnot + name: letsencrypt kind: ClusterIssuer dnsNames: - kgnot.ca \ No newline at end of file diff --git a/traefik/values.yaml.gotmpl b/traefik/values.yaml.gotmpl index 5b73bdf..015cf4a 100644 --- a/traefik/values.yaml.gotmpl +++ b/traefik/values.yaml.gotmpl @@ -116,7 +116,7 @@ extraObjects: spec: secretName: fog-incngrnt-ca-tls issuerRef: - name: letsencrypt-incngrnt + name: letsencrypt kind: ClusterIssuer dnsNames: - fog.incngrnt.ca @@ -130,7 +130,7 @@ extraObjects: spec: secretName: goatchat-ca-tls issuerRef: - name: letsencrypt-goatchat + name: letsencrypt kind: ClusterIssuer dnsNames: - goatchat.ca @@ -142,7 +142,7 @@ extraObjects: spec: secretName: incngrnt-ca-tls issuerRef: - name: letsencrypt-incngrnt + name: letsencrypt kind: ClusterIssuer dnsNames: - incngrnt.ca @@ -154,7 +154,7 @@ extraObjects: spec: secretName: photos-incngrnt-ca-tls issuerRef: - name: letsencrypt-incngrnt + name: letsencrypt kind: ClusterIssuer dnsNames: - photos.incngrnt.ca
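Review bot: Dropping the `values:` entry from the `cert-manager-webhook-hetzner` release in helmfile.d/01-infrastructure.yaml leaves the new chart running entirely on its defaults, while the ClusterIssuer still hard-codes `groupName: acme.hetzner.com` and expects the webhook to read `hetzner-dns-credentials`. Nothing in this commit shows those defaults, so a comment on the release would help the next reader: `# no values: relies on chart defaults matching groupName acme.hetzner.com in cert-manager-issuers`. The release name is unchanged while the chart now comes from a different repository, so the first apply is an in-place upgrade between two different charts and is worth checking with a diff before applying. The diffstat does not list `cert-manager-hetzner-webhook/values.yaml.gotmpl`, so that file presumably stays in the repository unreferenced.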