{"id":16191256,"url":"https://github.com/project0/certjunkie","last_synced_at":"2025-03-19T03:31:03.970Z","repository":{"id":101091052,"uuid":"113081880","full_name":"project0/certjunkie","owner":"project0","description":"An REST based server to receive certs from an ACME Server with limited DNS server for challenge.","archived":false,"fork":false,"pushed_at":"2023-03-06T18:27:12.000Z","size":145,"stargazers_count":7,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-03-17T03:21:25.524Z","etag":null,"topics":["acme","acme-client","acme-dns","cert","challenge","dns","letsencrypt"],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/project0.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-12-04T18:54:04.000Z","updated_at":"2024-03-07T08:04:26.000Z","dependencies_parsed_at":null,"dependency_job_id":"414d64dc-1084-4c10-a674-bfd4ba32b146","html_url":"https://github.com/project0/certjunkie","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/project0%2Fcertjunkie","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/project0%2Fcertjunkie/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/project0%2Fcertjunkie/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/project0%2Fcertjunkie/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/project0","download_url":"https://codeload.github.com/project0/certjunkie/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244350976,"owners_count":20439291,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["acme","acme-client","acme-dns","cert","challenge","dns","letsencrypt"],"created_at":"2024-10-10T07:45:32.613Z","updated_at":"2025-03-19T03:31:03.699Z","avatar_url":"https://github.com/project0.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# CertJunkie\n\nThis project is inspired by [acme-dns](https://github.com/joohoi/acme-dns). While acme-dns is awesome to use with other acme clients, it lacks of capabilities of shared certs and anonymous usage.\n\nI want to have a simple http server to create, challenge and receive my (lets encrypt) certs from an central point.\nAs it is intended to be used within an private and closed context, optional authentication and secured connection is currently not focused (fee free to create PR).\n\n## Usage\n\n```\nserver\n--dns.domain string      The NS domain name of this server (default \"ns.local\")\n--dns.listen string      Bind on this port to run the DNS server on (tcp and udp) (default \":53\")\n--dns.zone string        The zone we are using to provide the txt records for challenge (default \"acme.local\")\n--email string           Registration email for the ACME server\n--listen string          Bind on this port to run the API server on (default \":80\")\n--provider string        DNS challenge provider name (default \"dnscname\")\n--server string          ACME Directory Resource URI (default \"https://acme-v01.api.letsencrypt.org/directory\")\n--storage string         Storage driver to use, currently only local is supported (default \"local\")\n--storage.local string   Path to store the certs and account data for local storage driver (default \"$HOME/.certjunkie\")\n\n```\n\nFor combatible dns provdider look at https://github.com/xenolf/lego/tree/master/providers/dns\n\n### Docker\n\n[Image DockerHub](https://hub.docker.com/r/project0de/certjunkie)\n\n```bash\ndocker run -ti -p 80:80 -p 53:53 -p 53:53/udp \\\n-v $(pwd)/certjunkie:/storage project0de/certjunkie \\\nserver --storage.local /storage --email your@domain.com --dns.zone certjunkie.domain.com --dns.domain thisserver.domain.com\n```\n\n### Client\n\ncertjunkie has a built in client to write certificate easy to file.\n\n```bash\ncertjunkie client --address \"http://localhost:8080\" --domain \"my.domain.de\" \\\n--file.cert my.domain.de.crt \\\n--file.key my.domain.de.key \\\n--file.ca my.domain.de.ca \\\n--file.bundle my.domain.de.bundle\n```\n\n### Client example with curl\n\n```bash\ncurl http://localhost:8080/cert/my.domain.de/cert -Fo my.domain.de.crt \u0026\u0026 \\\ncurl http://localhost:8080/cert/my.domain.de/key -Fo my.domain.de.key \u0026\u0026 \\\ncurl http://localhost:8080/cert/my.domain.de/ca -Fo my.domain.de.ca\n```\n\n## `dnscname` DNS redirect with CNAME\n\nThis is actually `$challengeDomain.$dnsDomain.`.\nEnsure the NS record is set to this server\n\n### Example\n\nAsume starting with `certjunkie server --dns.domain certjunkiens.example.com --dns.zone certjunkie.example.com --email your@registration.mail`\n\n1. Delegate a subdomain to the server running certbot on your remote hosted DNS `example.com`:\n```\ncertjunkiens A 1.1.1.1 300 # this should be A/AAAA record\ncertunkie NS certjunkiens.example.com # delegate zone to our built in nameserver\n```\n\n2. Setup certjunkie to start with his new authorative domain `certjunkie.example.com`\n\n3. Forward the acme txt record for domains you would like to automate challenge:\n```\n_acme-challenge.yourdomain.com                CNAME yourdomain.com.certjunkie.example.com\n_acme-challenge.www.yourdomain.com            CNAME www.yourdomain.com.certjunkie.example.com\n_acme-challenge.service.cloud.yourdomain.com  CNAME service.cloud.yourdomain.com.certjunkie.example.com\n```\n\n## API\n\n* `domain`: Get an cert which matches this domain.\n\n### GET /cert/{domain}\n\nGet JSON of an cert with CA and key\nIf the cert does not exist (or is not valid anymore) it will request a new one (sync).\n\n#### Optional query parameters\n\n* `san`: Comma separated list of subject alternative names the cert must have.\n* `onlycn`: Get only a cert which matches the CommonName\n* `valid`: How long needs the cert to be valid in days before requesting a new one. Defaults to 30\n\n### GET /cert/{domain}/cert\n\nRetrieve only the certificate pem encoded.\n\n### GET /cert/{domain}/ca\n\nRetrieve only the Issuer Certificate (CA) pem encoded.\n\n### GET /cert/{domain}/bundle\n\nRetrieve bundled cert with ca pem encoded.\n\n### GET /cert/{domain}/key\n\nRetrieve the private key pem encoded.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fproject0%2Fcertjunkie","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fproject0%2Fcertjunkie","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fproject0%2Fcertjunkie/lists"}