https://github.com/erdii/headless-certmagic
Provision ssl certificates on a fleet of servers with an experimental chimera of certmagic and lego-cl
acme certificates certmagic clustering diy-cdn letsencrypt
Last synced: 2 months ago
- Host: GitHub
- URL: https://github.com/erdii/headless-certmagic
- Owner: erdii
- License: mit
- Created: 2019-10-22T07:27:38.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2020-03-01T19:32:30.000Z (about 5 years ago)
- Last Synced: 2024-05-01T15:34:56.766Z (about 1 year ago)
- Topics: acme, certificates, certmagic, clustering, diy-cdn, letsencrypt
- Language: Go
- Homepage:
- Size: 2.36 MB
- Stars: 2
- Watchers: 3
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# headless-certmagic
Idea: Use [mholt/certmagic](https://github.com/mholt/certmagic) like [go-acme/lego](https://github.com/go-acme/lego),
but leverage certmagic's storage backends to provision certificates on fleets of webservers.

### Features
* use LetsEncrypt's DNS challenge to obtain certificates for one or more domains (one domain per cert)
* sync certificates between multiple machines via a storage backend
* renewal hooks are executed if the certificate changes
* flag help: `headless-certmagic -h`
* dns provider support:
  * route53: supply aws credentials like usual (envvars, ~/.aws, ...)
  * uses [go-acme/lego](https://github.com/go-acme/lego) and its providers, so it should be possible to support them all
* storage provider support:
  * s3 ([securityclippy/magicstorage](https://github.com/securityclippy/magicstorage)): supply aws credentials like usual (envvars, ~/.aws, ...)
  * uses [mholt/certmagic](https://github.com/mholt/certmagic) and its storage backends
* forced certificate renewal

### Requirements (for now)
* private s3 bucket
* hosted domain/zone in route53
* aws credentials with rw-access to the bucket and rw-access to the zone; they can be supplied in several ways, e.g.:
  * aws instance roles
  * aws-cli: `aws configure`
  * envvars: `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`

### Usage
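A least-privilege IAM policy for the credentials listed under Requirements, as an added example that is not part of the project's README. The bucket name `example-cert-bucket`, the zone ID `EXAMPLEZONEID` and the record name `_acme-challenge.example.com` are placeholders, and the S3 action list is an assumption about what an S3 storage backend needs (read, write, delete and list for certificates and lock objects).

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "CertStorageObjects",
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
      "Resource": "arn:aws:s3:::example-cert-bucket/*"
    },
    {
      "Sid": "CertStorageList",
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::example-cert-bucket"
    },
    {
      "Sid": "FindHostedZone",
      "Effect": "Allow",
      "Action": "route53:ListHostedZonesByName",
      "Resource": "*"
    },
    {
      "Sid": "PollChangeStatus",
      "Effect": "Allow",
      "Action": "route53:GetChange",
      "Resource": "arn:aws:route53:::change/*"
    },
    {
      "Sid": "ReadZoneRecords",
      "Effect": "Allow",
      "Action": "route53:ListResourceRecordSets",
      "Resource": "arn:aws:route53:::hostedzone/EXAMPLEZONEID"
    },
    {
      "Sid": "WriteChallengeTxtOnly",
      "Effect": "Allow",
      "Action": "route53:ChangeResourceRecordSets",
      "Resource": "arn:aws:route53:::hostedzone/EXAMPLEZONEID",
      "Condition": {
        "ForAllValues:StringEquals": {
          "route53:ChangeResourceRecordSetsNormalizedRecordNames": ["_acme-challenge.example.com"],
          "route53:ChangeResourceRecordSetsRecordTypes": ["TXT"]
        }
      }
    }
  ]
}
```

The condition on the last statement limits record changes to the `_acme-challenge` TXT record, so a credential taken from one web server cannot be used to alter the zone's other records. The bucket holds private keys, so it should also block public access and have no other principals with read access.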
* set up cronjob:
```bash
cat > /etc/cron.daily/headless-certmagic.sh <