https://github.com/kenmoini/lego-bridge
HTTP service written in golang to make ACME requests easy
Last synced: 5 months ago
- Host: GitHub
- URL: https://github.com/kenmoini/lego-bridge
- Owner: kenmoini
- Created: 2024-02-02T06:06:48.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2024-06-17T15:53:53.000Z (almost 2 years ago)
- Last Synced: 2024-06-21T01:58:41.285Z (almost 2 years ago)
- Language: Go
- Size: 42 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 1
Metadata Files:
- Readme: README.md
README
# Lego Bridge
This is a microservice to bridge between ACME requests to Step CA and PowerDNS.
## Usage
### Required Input
- `PDNS_API_URL`
- `PDNS_API_KEY`
- `ACME_SERVER_URL`
- `EMAIL_ADDRESS`
### Optional Input
- `DNS_SERVERS` - A list of DNS servers to query for a response, separated by a semicolon. Also set `DNS_SERVER_ONE` and `DNS_SERVER_TWO`.
```bash
# With Podman
podman run --rm -d --name lego-bridge \
-p 8080:8080 \
-e PDNS_API_URL="http://pdns-api.example.com:8081" \
-e PDNS_API_KEY="somekeyhere" \
-e ACME_SERVER_URL="https://step-ca.example.com/acme/acme/directory" \
-e EMAIL_ADDRESS="you@example.com" \
-e DNS_SERVERS="192.168.42.9,192.168.42.10" \
-e DNS_SERVER_ONE="192.168.42.9" \
-e DNS_SERVER_TWO="192.168.42.10" \
quay.io/kenmoini/lego-bridge:latest
# On Kubernetes - Secret edits needed
kubectl apply -k deployment/
```
Now you should be able to make a cURL request to the service:
```bash
export SERVER_ENDPOINT="http://lego-bridge.apps.k8s.kemo.labs"
./request-cert.sh "test.example.com"
./request-cert.sh "test.example.com;other-test.example.com"
# Or pipe things into Bash
curl -sSL https://raw.githubusercontent.com/kenmoini/lego-bridge/main/request-cert.sh | SERVER_ENDPOINT="http://lego-bridge.apps.k8s.kemo.labs" bash -s -- "testing.example.com;test2.example.com"
```
This saves the certificate to `./$FIRST_DOMAIN.crt.pem` and the key to `./$FIRST_DOMAIN.key.pem`.
## Setup for Crontab
```bash
dnf install -y jq curl wget
cd /opt
wget https://raw.githubusercontent.com/kenmoini/lego-bridge/main/cron-wrapper.sh -O cockpit-ssl.sh
chmod a+x cockpit-ssl.sh
crontab -e
# Add an entry like the following (runs at 00:00 on the 3rd of each month):
# 0 0 3 * * /opt/cockpit-ssl.sh "host.example.com"
```
Defaults are set to work for Cockpit.