adoralaura/certwarden-deploy-docs
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
This repository has been archived on 2024-07-12. You can view files and clone it, but cannot push or open issues or pull requests.
certwarden-deploy-docs/content/_index.md
Adora Laura Kalb 9275dedc9e
Some checks failed
ci/woodpecker/push/deploy-cloudflare Pipeline failed
Details
initial commit
2024-07-04 10:30:49 +02:00

3.2 KiB
Raw Permalink Blame History

title type
Introduction docs

CertWarden

CertWarden is a self-hosted Centralized ACME Certificate Management platform. With it you can manage and aquire Let's Encrypt certificates.

However, to deploy them to your hosts, for now there only was a docker client, and that was too bloated for me.

So I built certwarden-deploy, a dependency-less binary that can run via crontab/systemd timers and that can fetch new certificates and run actions after new certificates got rolled out.

Quick Start

Installation of the required CertWarden instance is out of scope of this documentation. For detailed instructions regarding CertWarden, please visit it's documentation

To quickly get started with certwarden-deploy, just download the binary...

# this downloads certwarden-deploy version 0.1.1 
# to /usr/local/bin/certwarden-deploy
sudo wget https://code.lila.network/adoralaura/certwarden-deploy/releases/download/0.1.1/certwarden-deploy-0.1.1-linux-amd64 -O /usr/local/bin/certwarden-deploy

sudo chmod +x /usr/local/bin/certwarden-deploy

... fill out the config file...

vi /etc/certwarden-deploy/config.yaml

# Base URL of the CertWarden instance
# required
base_url: "https://certwarden.example.com"

# Set this to true if your CertWarden instance does not have a publicly trusted 
# TLS certificate (e.g. it has a self signed one)
# default is false
disable_certificate_validation: false

# define all managed certificates here
certificates:

    # name is a unique identifier that must start and end with an alphanumeric character, 
    # and can contain the following characters: a-zA-Z0-9._-
    # required
  - name: test-certificate.example.com

    # Contains the API-Key to fetch the certificate from the server
    # required

    api_key: examplekey_notvalid_hrzjGDDw8z

    # action to run when certificate was updated or --force is on
    action: "/usr/bin/systemd reload caddy"

    # path where to save the certificate
    # required
    file_path: "/path/to/test-certificate.example.com-cert.pem"

... and run it!

certwarden-deploy -v

Contributing

I use my own Forgejo Instance to manage issues and pull requests.

  • If you have a trivial fix or improvement, go ahead and create a pull request, addressing (with @...) the maintainer of this repository (see MAINTAINERS.md) in the description of the pull request.

  • If you plan to do something more involved, first please send me a mail.

What to contribute

The best way to help without speaking a lot of Go would be to share your configuration, alerts, dashboards, and recording rules. If you have something that works and is not in the repository, please pay it forward and share what works.

Changelog

You can find the Changelog here: Changelog

License

certwarden-deploy is available under the MIT license. See the LICENSE file for more info.