Sectigo provides a seamless way to retrieve SSL/TLS certificates issued by the Sectigo public or private CA via the ACME server. The server needs the external account binding information to register the ACME account and issue certificates for that account when requested.

Cert-Manager is a Kubernetes native certificate manager which supports external account binding (EAB). It works by creating Issuers or Cluster Issuers in Kubernetes to provision certificates from ACME servers.

This guide describes the use of a new version of the plugin which doesn’t require a separate ACME-EABTool.

The following diagram illustrates the integration architecture.

Sectigo Kubernetes ACME integration diagram