Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/nrempel/flynn-certbot

A Certbot that you can run on your Flynn cluster
https://github.com/nrempel/flynn-certbot

certbot flynn letsencrypt

Last synced: about 2 months ago
JSON representation

A Certbot that you can run on your Flynn cluster

Host: GitHub
URL: https://github.com/nrempel/flynn-certbot
Owner: nrempel
License: mit
Created: 2018-07-31T04:25:29.000Z (about 6 years ago)
Default Branch: master
Last Pushed: 2019-04-18T23:30:26.000Z (over 5 years ago)
Last Synced: 2024-04-27T18:33:59.117Z (5 months ago)
Topics: certbot, flynn, letsencrypt
Language: Shell
Size: 17.6 KB
Stars: 22
Watchers: 4
Forks: 4
Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# Flynn Certbot

This tool can help you automatically issue and renew SSL certificates and secure Flynn routes for related domains. The tool uses [Let's Encrypt](https://letsencrypt.org) to generate certificates.

Pull requests with improvements are welcome. For significant changes, create an issue first to discuss the topic.

## Caveats

I'm using this tool right now and it works for me but it is not well tested. I would recommend reading the script before following these instructions.

Currently, this only works for clusters hosted on Digital Ocean.

Since Flynn does not support persistent volumes, every time the process starts it issues a certificate then begins watching to renew the certificate. Due to [Let's Encrypt rate limits](https://letsencrypt.org/docs/rate-limits/), this can only happen 20 times per week.

Scaling the process will trigger this. Changing environment variables will trigger this. Deployments will trigger this. I recommend double checking your configuration is correct before scaling up the process.

If you scale deployment past a single process, you may see problems.

You've been warned!

## Installing

Clone this repository.

Create a new Flynn app using this repository.

`flynn create certbot`

Set the following environment variables:

### CERTBOT_DNS_PLUGIN

Only supports digitalocean right now.

### DIGITAL_OCEAN_API_KEY

Get one from [https://cloud.digitalocean.com/account/api/tokens](https://cloud.digitalocean.com/account/api/tokens)

### DOMAINS

A list of flynn app/domain pairs. Must be in the format :,:,...,n

Example: DOMAINS=app1:app1.cluster.mydomain.com,app2:app2url.cluster.mydomain.com

### EMAIL

A valid email address for Let's Encrypt

### FLYNN_CLUSTER_HOST

Look in `flynn cluster`

### FLYNN_CONTROLLER_KEY

This can be obtained with:

`flynn -a controller env get AUTH_KEY`

### FLYNN_TLS_PIN

This can be obtained with:

```
openssl s_client -connect controller.$CLUSTER_DOMAIN:443 \
-servername controller.$CLUSTER_DOMAIN 2>/dev/null