https://github.com/viveckh/certifixed
SSL Certification Renewal Suite. Automated bot to finish domain verification challenges with Godaddy, renew SSL certificates with letsencrypt, convert certificates to pfx, and replace the expired version in Azure Vault.
https://github.com/viveckh/certifixed
azure-vault certificate-management dns-challenge godaddy-api letsencrypt-utils ssl-certificate-manager
Last synced: 2 months ago
JSON representation
SSL Certification Renewal Suite. Automated bot to finish domain verification challenges with Godaddy, renew SSL certificates with letsencrypt, convert certificates to pfx, and replace the expired version in Azure Vault.
- Host: GitHub
- URL: https://github.com/viveckh/certifixed
- Owner: Viveckh
- Created: 2021-08-18T22:41:38.000Z (almost 4 years ago)
- Default Branch: main
- Last Pushed: 2021-12-27T18:37:01.000Z (over 3 years ago)
- Last Synced: 2025-02-28T17:25:01.974Z (3 months ago)
- Topics: azure-vault, certificate-management, dns-challenge, godaddy-api, letsencrypt-utils, ssl-certificate-manager
- Language: Python
- Homepage:
- Size: 9.77 KB
- Stars: 5
- Watchers: 2
- Forks: 1
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
CERTIFIXED - SSL Certification Renewal Suite.
Automated bot that finishes domain verification challenges with Godaddy, renews SSL certificates with letsencrypt, converts certificates to pfx, and replaces the expired version in Azure Vault.
⇨ Technologies: Python, Shell Scripting, Godaddy API, Azure API
⇨ Author: (EJ) Vivek Pandey
Author's Website |
Author's Github |
---
Coded it one weekend to simplify my own life,
Definitely feel free to drop in issues or PR if interested in pushing this project further.
---
# Quickstart
## Setup virtual env & depedencies
```
> virtualenv -p python3 venv
> source venv/bin/activate
> pip3 install -r requirements.txt
```
---
## Credentials file
Create an `.env` file in the project folder with the following structure and input values.
```
[GODADDY]
API_KEY=xxxxxxx
API_SECRET=xxxxxxx
[AZURE]
CERT_VAULT_URL=https://xxxxxxx.vault.azure.net/
CLIENT_ID=xxxxxxx
TENANT_ID=xxxxxxx
SECRET=xxxxxxx
[CERTS]
SECTIONS=ADMIN_SERVER_CERT,SHOP_SERVER_CERT
[ADMIN_SERVER_CERT]
NAME=xxxxxxx
LOCAL_PFX_PATH=/xxxxxxx/admin-server.veniqa.com/certificate.pfx
PASSWORD=xxxxxxx
[SHOP_SERVER_CERT]
NAME=xxxxxxx
LOCAL_PFX_PATH=/xxxxxxx/shop-server.veniqa.com/certificate.pfx
PASSWORD=xxxxxxx
```
**Note**
* Anything from the `CERTS` section and below can be entered later before running the cert processor.
* `[ADMIN_SERVER_CERT]` is an example of a section that is needed per certificate you want renewed.
You can name such a section anything as long as you fulfill the following conditions:
* It has all the key-value pairs as shown in the example
* The custom section's name is included in the `[CERTS]` section's `SECTIONS` entry
---
## Make shell scripts executables
```
> chmod +x kickoff.sh
> chmod +x dns_challenge_hook.sh
> chmod +x cert_processor.sh
```
---
## Kickoff the certificate renewal process
Command: `./kickoff.sh`
## Run Cert Processor
Once the renewed certificates have been generated,
* Update the paths and passwords in the `cert_processor.sh` to point to the folder of your choice
* Run `./cert_processor.sh`
---
## Point your app to use the cert in Azure vault
The automated process ends with renewing the certificate and updating in the Azure Vault
You will then have to log in and point your app to use the updated certificate stored in your Azure vault.
I couldn't find an API to facilitate this part. If you find a way, feel free to drop an issue with the resource.