Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/nrempel/flynn-certbot
A Certbot that you can run on your Flynn cluster
certbot flynn letsencrypt
Last synced: about 2 months ago
- Host: GitHub
- URL: https://github.com/nrempel/flynn-certbot
- Owner: nrempel
- License: mit
- Created: 2018-07-31T04:25:29.000Z (about 6 years ago)
- Default Branch: master
- Last Pushed: 2019-04-18T23:30:26.000Z (over 5 years ago)
- Last Synced: 2024-04-27T18:33:59.117Z (5 months ago)
- Topics: certbot, flynn, letsencrypt
- Language: Shell
- Size: 17.6 KB
- Stars: 22
- Watchers: 4
- Forks: 4
- Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE
# Flynn Certbot
This tool can help you automatically issue and renew SSL certificates and secure Flynn routes for related domains. The tool uses [Let's Encrypt](https://letsencrypt.org) to generate certificates.
Pull requests with improvements are welcome. For significant changes, create an issue first to discuss the topic.
## Caveats
I'm using this tool right now and it works for me but it is not well tested. I would recommend reading the script before following these instructions.
Currently, this only works for clusters hosted on DigitalOcean.
Since Flynn does not support persistent volumes, every time the process starts it issues a certificate then begins watching to renew the certificate. Due to [Let's Encrypt rate limits](https://letsencrypt.org/docs/rate-limits/), this can only happen 20 times per week.
Scaling the process will trigger this. Changing environment variables will trigger this. Deployments will trigger this. I recommend double checking your configuration is correct before scaling up the process.
If you scale deployment past a single process, you may see problems.
You've been warned!
## Installing
Clone this repository.
Create a new Flynn app using this repository.
`flynn create certbot`
Set the following environment variables:
### CERTBOT_DNS_PLUGIN
Only `digitalocean` is supported right now.
### DIGITAL_OCEAN_API_KEY
Get one from [https://cloud.digitalocean.com/account/api/tokens](https://cloud.digitalocean.com/account/api/tokens)
### DOMAINS
A comma-separated list of Flynn app/domain pairs. Each pair must be in the format `app:domain`.
Example: `DOMAINS=app1:app1.cluster.mydomain.com,app2:app2url.cluster.mydomain.com`
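Because every restart of the process requests a new certificate, a malformed `DOMAINS` value is worth catching before it is set on the app. The check below is an added example and is not part of the flynn-certbot script; the helper name `validate_domains` and the character rules for app names and hostnames are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check for the DOMAINS value, run before
# `flynn env set` or scaling. validate_domains is a hypothetical helper and
# is not part of the flynn-certbot script.
#
# Assumed rules: app names use letters, digits, "-" or "_"; domains are
# dotted hostnames made of letters, digits, "." and "-".
# Prints one "app domain" line per pair, and only if every pair is valid.
# The body runs in a subshell ( ... ) so IFS and globbing changes stay local.
validate_domains() (
    list=$1
    fail() { echo "DOMAINS invalid: $1" >&2; exit 1; }
    [ -n "$list" ] || fail "value is empty"
    case "$list" in
        ,*|*,|*,,*) fail "empty entry (stray comma)" ;;
    esac
    IFS=,
    set -f          # no filename expansion while splitting on commas
    set -- $list
    out=
    for pair in "$@"; do
        case "$pair" in
            *:*:*) fail "more than one ':' in '$pair'" ;;
            *:*)   ;;
            *)     fail "missing ':' in '$pair'" ;;
        esac
        app=${pair%%:*}
        domain=${pair#*:}
        case "$app" in
            ""|*[!A-Za-z0-9_-]*) fail "bad app name in '$pair'" ;;
        esac
        case "$domain" in
            ""|.*|*.|-*|*-|*..*|*[!A-Za-z0-9.-]*) fail "bad domain in '$pair'" ;;
            *.*) ;;
            *)   fail "domain without a dot in '$pair'" ;;
        esac
        out="${out}${app} ${domain}
"
    done
    printf '%s' "$out"
)

# Constructed sample, using the example value shown above.
validate_domains "app1:app1.cluster.mydomain.com,app2:app2url.cluster.mydomain.com"
```

In real use, pass `"$DOMAINS"` and only run `flynn env set` when the function returns 0.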
A valid email address for Let's Encrypt
### FLYNN_CLUSTER_HOST
Find it in the output of `flynn cluster`.
### FLYNN_CONTROLLER_KEY
This can be obtained with:
`flynn -a controller env get AUTH_KEY`
### FLYNN_TLS_PIN
This can be obtained with:
```
openssl s_client -connect controller.$CLUSTER_DOMAIN:443 \
-servername controller.$CLUSTER_DOMAIN 2>/dev/null