I have a Kubernetes cluster with nginx ingress.
I am trying to have ZeroSSL to provision SSL. I have setup ClusterIssuer and Ingress. The cluster issuer fails with error "Failed to register ACME account: 400 urn:ietf:params:acme:error:externalAccountRequired: The request must include a value for the "externalAccountBinding" field"
This application will be installed by many users. I do not want everyone to create a ZeroSSL account and provide an EAB. How can I enable only email based ClusterIssuer for ZeroSSL?
I know this is possible because I found the following
If you don't have a ZeroSSL account, you can let acme-companion create a Zero SSL account with the adress provided in the ACME_EMAIL or DEFAULT_EMAIL environment variable. Note that the adresse that will be used must be a valid email adress that you actually own.
- Acme.sh uses ZeroSSL and does not need EAB. It can work with just email. If no EAB provided, it will use email to create EAB. Ref: https://github.com/acmesh-official/acme.sh/blob/7221d488e54dfc6bcb30ca562f6d6e38ec5bf6ce/acme.sh#L3683
How can I make cert-manager to auto generate EAB using the email and use it to issue SSL?
