cert-manager · lunarwhite · Nov 19, 2025 · Nov 19, 2025 · Nov 20, 2025 · SgtCoDFish
diff --git a/.spelling b/.spelling
@@ -853,6 +853,7 @@ example.org
 experimental.cert
 http01-edit-in-place
 http01-ingress-class
+http01-ingress-ingressclassname
 ingress.class
 ip-sans
 kubernetes.io

diff --git a/content/docs/configuration/acme/http01/README.md b/content/docs/configuration/acme/http01/README.md
@@ -69,6 +69,9 @@ controllers support `ingressClassName`, with the notable exception of
 ingress-gce (as per the page [Configure Ingress for external load
 balancing](https://cloud.google.com/kubernetes-engine/docs/how-to/load-balance-ingress)).
 
+> You can override the `ingressClassName` on a per-Ingress basis using the
+[`acme.cert-manager.io/http01-ingress-ingressclassname`](https://cert-manager.io/docs/reference/annotations/#acmecert-manageriohttp01-ingress-ingressclassname) annotation.
+
 ### `class`
 
 If the `class` field is specified, a new Ingress resource with a randomly
@@ -79,6 +82,9 @@ value set to the value of the `class` field.
 This field is only recommended with ingress-gce. ingress-gce [doesn't support the
 `ingressClassName` field](https://cloud.google.com/kubernetes-engine/docs/how-to/load-balance-ingress).
 
+> You can override the `class` on a per-Ingress basis using the
+[`acme.cert-manager.io/http01-ingress-class`](https://cert-manager.io/docs/reference/annotations/#acmecert-manageriohttp01-ingress-class) annotation.
+
 ### `name`
 
 If the `name` field is specified, cert-manager will edit the named

diff --git a/content/docs/reference/annotations.md b/content/docs/reference/annotations.md
@@ -27,12 +27,20 @@ This is useful for keeping compatibility with the `ingress-gce` component.
 ## acme.cert-manager.io/http01-ingress-class
 - [Ingress](../usage/ingress.md)
 
-this annotation allows you to configure the ingress class that will be used to
-solve challenges for this ingress. Customizing this is useful when you are
-trying to secure internal services, and need to solve challenges using a
-different ingress class to that of the ingress. If not specified and the
-`acme-http01-edit-in-place` annotation is not set, this defaults to the ingress
-class defined in the Issuer resource.
+Allows the `kubernetes.io/ingress.class` annotation to be configured.
+Customizing this is useful when you are trying
+to secure internal services, and need to solve challenges using a different ingress class
+to that of the ingress. If not specified and the `acme-http01-edit-in-place` annotation is
+not set, this defaults to the `http01.ingress.class` defined in the Issuer resource.
+
+## acme.cert-manager.io/http01-ingress-ingressclassname
+- [Ingress](../usage/ingress.md)
+
+Allows the Ingress's `spec.ingressClassName` to be configured.
+Customizing this is useful when you are trying
+to secure internal services, and need to solve challenges using a different ingress class
+to that of the ingress. If not specified and the `acme-http01-edit-in-place` annotation is
+not set, this defaults to the `http01.ingress.ingressClassName` defined in the Issuer resource.
 
 ## cert-manager.io/allow-direct-injection
 - `Secret`

diff --git a/content/docs/usage/ingress.md b/content/docs/usage/ingress.md
@@ -3,7 +3,7 @@ title: Annotated Ingress resource
 description: 'cert-manager usage: Kubernetes Ingress'
 ---
 
-> **apiVersion:** networking.k8s.io/v1  
+> **apiVersion:** networking.k8s.io/v1
 > **kind:** Ingress
 
 <div style={{textAlign: "center"}}>
@@ -89,11 +89,19 @@ trigger `Certificate` resources to be automatically created:
   container.
 
 - `acme.cert-manager.io/http01-ingress-class`: this annotation allows you to
-  configure the ingress class that will be used to solve challenges for this
-  ingress. Customizing this is useful when you are trying to secure internal
+  configure the `kubernetes.io/ingress.class` that will be used to solve challenges
+  for this ingress. Customizing this is useful when you are trying to secure internal
   services, and need to solve challenges using a different ingress class to that
   of the ingress. If not specified and the `acme-http01-edit-in-place` annotation
-  is not set, this defaults to the ingress class defined in the Issuer resource.
+  is not set, this defaults to the `http01.ingress.class` defined in the Issuer resource.
+
+- `acme.cert-manager.io/http01-ingress-ingressclassname`: this annotation allows you to
+  configure the `spec.ingressClassName` that will be used to solve challenges
+  for this ingress. Customizing this is useful when you are trying to secure internal
+  services, and need to solve challenges using a different ingress class to that
+  of the ingress. If not specified and the `acme-http01-edit-in-place` annotation
+  is not set, this defaults to the `http01.ingress.ingressClassName` defined in the
+  Issuer resource.
 
 - `acme.cert-manager.io/http01-edit-in-place: "true"`: this controls whether the
   ingress is modified 'in-place', or a new one is created specifically for the

diff --git a/public/_redirects b/public/_redirects
@@ -291,6 +291,7 @@ https://cert-manager.io/usages https://cert-manager.io/docs/reference/annotation
 # (as well as configuration in netlify) for each of these to enable these to work.
 https://acme.cert-manager.io/http01-edit-in-place https://cert-manager.io/docs/reference/annotations#acmecert-manageriohttp01-edit-in-place 301!
 https://acme.cert-manager.io/http01-ingress-class https://cert-manager.io/docs/reference/annotations#acmecert-manageriohttp01-ingress-class 301!
+https://acme.cert-manager.io/http01-ingress-ingressclassname https://cert-manager.io/docs/reference/annotations#acmecert-manageriohttp01-ingress-ingressclassname 301!
 
 https://experimental.cert-manager.io/request-duration https://cert-manager.io/docs/reference/annotations#experimentalcert-manageriorequest-duration 301!
 https://experimental.cert-manager.io/request-is-ca https://cert-manager.io/docs/reference/annotations#experimentalcert-manageriorequest-is-ca 301!