{"id":13576648,"url":"https://github.com/nrempel/flynn-certbot","last_synced_at":"2025-05-08T23:08:49.738Z","repository":{"id":145018466,"uuid":"142962061","full_name":"nrempel/flynn-certbot","owner":"nrempel","description":"A Certbot that you can run on your Flynn cluster","archived":false,"fork":false,"pushed_at":"2019-04-18T23:30:26.000Z","size":18,"stargazers_count":22,"open_issues_count":1,"forks_count":4,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-05-08T23:08:43.312Z","etag":null,"topics":["certbot","flynn","letsencrypt"],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nrempel.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2018-07-31T04:25:29.000Z","updated_at":"2021-02-14T15:35:11.000Z","dependencies_parsed_at":"2024-01-29T05:51:15.044Z","dependency_job_id":"1fbac0b3-4975-4905-9e26-1d805bcb375d","html_url":"https://github.com/nrempel/flynn-certbot","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nrempel%2Fflynn-certbot","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nrempel%2Fflynn-certbot/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nrempel%2Fflynn-certbot/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nrempel%2Fflynn-certbot/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nrempel","download_url":"https://codeload.github.com/nrempel/flynn-certbot/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253160777,"owners_count":21863629,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["certbot","flynn","letsencrypt"],"created_at":"2024-08-01T15:01:12.380Z","updated_at":"2025-05-08T23:08:49.719Z","avatar_url":"https://github.com/nrempel.png","language":"Shell","funding_links":[],"categories":["Uncategorized"],"sub_categories":["Uncategorized"],"readme":"# Flynn Certbot\n\nThis tool can help you automatically issue and renew SSL certificates and secure Flynn routes for related domains. The tool uses [Let's Encrypt](https://letsencrypt.org) to generate certificates.\n\nPull requests with improvements are welcome. For significant changes, create an issue first to discuss the topic.\n\n## Caveats\n\nI'm using this tool right now and it works for me but it is not well tested. I would recommend reading the script before following these instructions.\n\nCurrently, this only works for clusters hosted on Digital Ocean.\n\nSince Flynn does not support persistent volumes, every time the process starts it issues a certificate then begins watching to renew the certificate. Due to [Let's Encrypt rate limits](https://letsencrypt.org/docs/rate-limits/), this can only happen 20 times per week.\n\nScaling the process will trigger this. Changing environment variables will trigger this. Deployments will trigger this. I recommend double checking your configuration is correct before scaling up the process.\n\nIf you scale deployment past a single process, you may see problems.\n\nYou've been warned!\n\n## Installing\n\nClone this repository.\n\nCreate a new Flynn app using this repository.\n\n`flynn create certbot`\n\nSet the following environment variables:\n\n### CERTBOT_DNS_PLUGIN \n\nOnly supports digitalocean right now.\n\n### DIGITAL_OCEAN_API_KEY\n\nGet one from [https://cloud.digitalocean.com/account/api/tokens](https://cloud.digitalocean.com/account/api/tokens)\n\n### DOMAINS\n\nA list of flynn app/domain pairs. Must be in the format \u003cflynn app 1\u003e:\u003cvalid route for flynn app 1\u003e,\u003cflynn app 2\u003e:\u003cvalid route for flynn app 2\u003e,...,n\n\nExample: DOMAINS=app1:app1.cluster.mydomain.com,app2:app2url.cluster.mydomain.com\n\n### EMAIL\n\nA valid email address for Let's Encrypt\n\n### FLYNN_CLUSTER_HOST\n\nLook in `flynn cluster`\n\n### FLYNN_CONTROLLER_KEY\n\nThis can be obtained with:\n\n`flynn -a controller env get AUTH_KEY`\n\n\n### FLYNN_TLS_PIN\n\nThis can be obtained with:\n\n```\nopenssl s_client -connect controller.$CLUSTER_DOMAIN:443 \\\n  -servername controller.$CLUSTER_DOMAIN 2\u003e/dev/null \u003c/dev/null \\\n  | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' \\\n  | openssl x509 -inform PEM -outform DER \\\n  | openssl dgst -binary -sha256 \\\n  | openssl base64\n```\n\nWhere $CLUSTER_DOMAIN is the domain for your cluster.\n\n\nFinally, when you're ready, push this repository to your flynn remote then scale it to 1 process (exactly).\n\nIf everything goes well, all of the domains in `$DOMAINS` should now support https routes with a valid certificate!\n\n🍻\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnrempel%2Fflynn-certbot","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnrempel%2Fflynn-certbot","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnrempel%2Fflynn-certbot/lists"}