
nrempel / flynn-certbot

Licence: MIT license
A Certbot that you can run on your Flynn cluster

Flynn Certbot

This tool can help you automatically issue and renew SSL certificates and secure Flynn routes for related domains. The tool uses Let's Encrypt to generate certificates.

Pull requests with improvements are welcome. For significant changes, create an issue first to discuss the topic.

Caveats

I'm using this tool right now and it works for me but it is not well tested. I would recommend reading the script before following these instructions.

Currently, this only works for clusters hosted on Digital Ocean.

Since Flynn does not support persistent volumes, every time the process starts it issues a certificate then begins watching to renew the certificate. Due to Let's Encrypt rate limits, this can only happen 20 times per week.

Scaling the process will trigger this. Changing environment variables will trigger this. Deployments will trigger this. I recommend double checking your configuration is correct before scaling up the process.

If you scale deployment past a single process, you may see problems.

You've been warned!

Installing

Clone this repository.

Create a new Flynn app using this repository.

flynn create certbot

Set the following environment variables:

CERTBOT_DNS_PLUGIN

Only supports digitalocean right now.

DIGITAL_OCEAN_API_KEY

Get one from https://cloud.digitalocean.com/account/api/tokens

DOMAINS

A list of flynn app/domain pairs. Must be in the format <flynn app 1>:<valid route for flynn app 1>,<flynn app 2>:<valid route for flynn app 2>,...,n

Example: DOMAINS=app1:app1.cluster.mydomain.com,app2:app2url.cluster.mydomain.com

EMAIL

A valid email address for Let's Encrypt

FLYNN_CLUSTER_HOST

Look in the output of flynn cluster.

FLYNN_CONTROLLER_KEY

This can be obtained with:

flynn -a controller env get AUTH_KEY

FLYNN_TLS_PIN

This can be obtained with:

openssl s_client -connect controller.$CLUSTER_DOMAIN:443 \
  -servername controller.$CLUSTER_DOMAIN 2>/dev/null </dev/null \
  | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' \
  | openssl x509 -inform PEM -outform DER \
  | openssl dgst -binary -sha256 \
  | openssl base64

Where $CLUSTER_DOMAIN is the domain for your cluster.

Finally, when you're ready, push this repository to your flynn remote then scale it to 1 process (exactly).

If everything goes well, all of the domains in $DOMAINS should now support https routes with a valid certificate!

🍻
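
Because every start of the process issues a certificate and counts against the rate limit described under Caveats, a malformed DOMAINS value is worth catching before it is set. The following preflight check is an added example, not code from flynn-certbot; the function name validate_domains and its rules for app names and routes are assumptions, and the second sample value is constructed.

```shell
#!/bin/sh
# Added example, not part of flynn-certbot: preflight check for DOMAINS.
# Assumed rules (not taken from the project's script): app names use lowercase
# letters, digits and hyphens; routes are bare hostnames containing a dot, with
# no scheme, port, path or wildcard; no route is listed twice.

# Prints one line per problem on stderr; returns 0 only if every pair is valid.
validate_domains() (
  LC_ALL=C; raw=$1; rc=0; seen=,
  case $raw in
    '' | ,* | *, | *,,*) echo "DOMAINS is empty or has an empty entry" >&2; exit 1 ;;
  esac
  set -f   # no globbing, so a stray '*' is reported instead of expanded
  IFS=,    # split on commas only; stray spaces stay in the pair and get flagged
  for pair in $raw; do
    app=${pair%%:*}; route=${pair#*:}
    case $pair in
      *:*:*) echo "'$pair': more than one ':'" >&2; rc=1; continue ;;
      *:*) ;;
      *) echo "'$pair': expected <app>:<route>" >&2; rc=1; continue ;;
    esac
    case $app in
      '' | *[!a-z0-9-]*) echo "'$pair': bad app name" >&2; rc=1 ;;
    esac
    case $route in
      '' | *[!A-Za-z0-9.-]* | .* | *. | *..* | -*)
        echo "'$pair': route is not a bare hostname" >&2; rc=1 ;;
      *.*) ;;
      *) echo "'$pair': route has no dot" >&2; rc=1 ;;
    esac
    case $seen in
      *",$route,"*) echo "'$pair': route listed twice" >&2; rc=1 ;;
    esac
    seen="$seen$route,"
  done
  exit "$rc"
)

# The README's sample value passes; a constructed bad value is rejected.
validate_domains "app1:app1.cluster.mydomain.com,app2:app2url.cluster.mydomain.com" \
  && echo "sample DOMAINS: ok"
validate_domains "app1:https://app1.example.test, app2:app2.example.test" \
  || echo "constructed bad DOMAINS: rejected"
```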
