# Install cert-manager (Helm)
# helm install cert-manager jetstack/cert-manager # --namespace cert-manager # --create-namespace # --set installCRDs=true
---
# ClusterIssuer for Let's Encrypt (staging)
apiVersion: cert-manager.io/v1
#!/usr/bin/env bash
set -euo pipefail
certbot renew --quiet --deploy-hook "systemctl reload nginx"
openssl x509 -enddate -noout -in /etc/letsencrypt/live/example.com/fullchain.pem