https://github.com/ichenhe/cert-deployer
A tool to automatically deploy https certificates to cloud services.
Last synced: 6 months ago
- Host: GitHub
- URL: https://github.com/ichenhe/cert-deployer
- Owner: ichenhe
- License: mit
- Created: 2022-05-20T04:50:08.000Z (about 4 years ago)
- Default Branch: main
- Last Pushed: 2025-02-24T08:41:58.000Z (over 1 year ago)
- Last Synced: 2025-10-09T14:43:44.937Z (9 months ago)
- Language: Go
- Size: 301 KB
- Stars: 1
- Watchers: 1
- Forks: 2
- Open Issues: 6
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Cert Deployer
**A tool to automatically deploy https certificates to cloud services.**
This is not an ACME client; it is best paired with one to fully automate the certificate workflow. You can also use this tool on its own.
## Supported Cloud Provider
- Alibaba Cloud (`AlibabaCloud`)
  - CDN (`cdn`)
- AWS (`AWS`)
  - CloudFront (`cloud_front`)
- Tencent Cloud (`TencentCloud`)
  - CDN (`cdn`)
## Quick start
```bash
# deploy cert to all matched cdn in TencentCloud
./cert-deployer --provider TencentCloud \
--secret-id "xxxxxxxxx" \
--secret-key "yyyyyyyyyy" \
--cert "/path/to/fullchain.pem" \
--key "/path/to/privkey.pem" \
--type cdn
```
The values of `provider` and `type` must come from the supported list above.
## Usage
The global flag `--profile` can be used to specify the configuration file.
For more usage (pre-defined deployments, triggers, logging, and so on), see the [Wiki](https://github.com/ichenhe/cert-deployer/wiki).
## Integration with ACME client
cert-deployer can work with an ACME client in two ways:
- [RECOMMENDED] Use the trigger feature to monitor the cert file generated by the ACME client.
- Use the hook feature of the ACME client to execute cert-deployer.
Here's an example that works with [acme.sh](https://github.com/acmesh-official/acme.sh) via a hook.
```bash
acme.sh --issue \
-d www.example.com \
-w /www/wwwroot/www.example.com/ \
--post-hook "cert-deployer deploy --type cdn --cert /root/.acme.sh/www.example.com/fullchain.cer --key /root/.acme.sh/www.example.com/www.example.com.key --provider TencentCloud --secret-id xxxx --secret-key yyyyy" --force
```
After that, the hook command is saved and also applies to the `--renew` and `--cron` commands. Try `acme.sh --renew -d www.example.com --force` to test.
## Migrating from v0.1
Legacy usage is no longer supported, which means you can no longer specify the cloud provider in the profile while providing the target asset or cert file via the CLI.
Instead, you can either:
- Execute a fully custom deployment as described in *quick start*.
- Define everything in the profile as described in *pre-defined deployment*.
In addition, you are encouraged to use *trigger* instead of a hook to integrate with an ACME client, as it is easier and clearer.
## Add plugins
If you want to contribute support for more back ends, the general steps are as follows:
1. Add a new package in `plugins/`.
2. Add the necessary data structures. You will probably want to define a const called `Provider` to serve as the name and id of the back end.
3. Implement `domain.Deployer`, and register it by calling `registry.MustRegister()` in `init()` function.
4. Import your new plugin in `plugins/import.go`.
5. Update the support list in this file.
Congratulations 🥳
> In case you need a new asset type, please add it to `asset/asset_type.go` if it is a generic type (e.g. cdn), otherwise you may want to define them in your package.
## Disclaimer for Mainland China
This is a statement for Chinese mainland only.
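We will not do so deliberately, but we also cannot guarantee that the repository contains no (potentially) sensitive content, so we do not encourage anyone to mirror this repository to mainland platforms. If you insist on doing so, you bear the consequences yourself.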