-
Notifications
You must be signed in to change notification settings - Fork 6
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
c3ad881
commit d11d746
Showing
2 changed files
with
82 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,2 +1,51 @@ | ||
| # certmaestro | ||
| Automatically renew certs and install to destinations | ||
| # Certmaster | ||
|
|
||
| Certmaster automates the process of renewing and installing SSL certificates. | ||
|
|
||
| 1. Creates an SSL cert from Let's Encrypt | ||
| 2. Validates certs using DNS | ||
| 3. Uploads or installs SSL certs to multiple destinations | ||
|
|
||
| ## Supported DNS | ||
|
|
||
| Certmaster uses the excellent [go-acme/lego](https://github.com/go-acme/lego) repository | ||
| to generate certificates and automate DNS validation. They support 100+ providers, which are | ||
| listed [here](https://go-acme.github.io/lego/dns/). | ||
|
|
||
| ## Supported Destinations | ||
|
|
||
| 1. Email | ||
| 2. SFTP | ||
| 3. Hetzner Load Balancer | ||
|
|
||
| ## Config | ||
|
|
||
| Start with the example [config.json](config.json) and modify it. | ||
|
|
||
| - To configure DNS providers, create JSON of the form: | ||
|
|
||
| ``` json | ||
| { | ||
| "provider": "route53", | ||
| "AWS_ACCESS_KEY_ID": "ACCESS_KEY_ID", | ||
| "AWS_SECRET_ACCESS_KEY": "SECRET_KEY" | ||
| } | ||
| ``` | ||
|
|
||
| Here, `provider` is the provider name from `go-acme/lego`'s documentation. The rest of the | ||
| fields are configs specific to your DNS provider. | ||
|
|
||
| - Similarly, you configure destinations with all details required to upload. | ||
|
|
||
| ## Usage | ||
|
|
||
| To update the certificate, just run: | ||
|
|
||
| ``` | ||
| $ ./certmaster create --config config.json | ||
| ``` | ||
| ### AWS Lambda | ||
| The Docker file is to use with AWS Lambda. When you invoke the function, | ||
| you send the same JSON payload as the normal config. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,7 +1,36 @@ | ||
| { | ||
| "email": "[email protected]", | ||
| "domain": "example.com", | ||
| "dummy": false, | ||
| "stage": true, | ||
| "dns": { | ||
|
|
||
| "provider": "route53", | ||
| "AWS_ACCESS_KEY_ID": "ACCESS_KEY_ID", | ||
| "AWS_SECRET_ACCESS_KEY": "SECRET_KEY" | ||
| }, | ||
| "destinations": [] | ||
| "destinations": [ | ||
| { | ||
| "provider": "email", | ||
| "from": "[email protected]", | ||
| "host": "email-smtp.us-east-1.amazonaws.com", | ||
| "port": "587", | ||
| "username": "SMTP_USER", | ||
| "password": "SMTP_PASSWORD", | ||
| "to": "[email protected]" | ||
| }, | ||
| { | ||
| "provider": "hetzner", | ||
| "api_token": "HETZER_WRITABLE_API_TOKEN", | ||
| "load_balancer_id": "000000" | ||
| }, | ||
| { | ||
| "provider": "sftp", | ||
| "user": "root", | ||
| "host": "1.1.1.1", | ||
| "port": "22", | ||
| "private_key": "-----BEGIN RSA PRIVATE KEY-----\n...\n-----END RSA PRIVATE KEY-----", | ||
| "certificate_destination": "/path/to/certificate.txt", | ||
| "private_key_destination": "/path/to/private.txt" | ||
| } | ||
| ] | ||
| } |