certwarden-deploy/docs/content/_index.md

94 lines
3.5 KiB
Markdown
Raw Normal View History

2024-07-12 13:04:33 +02:00
---
2024-07-28 17:58:52 +02:00
title: CertWarden-Deploy
2024-07-12 13:04:33 +02:00
type: docs
---
[CertWarden](https://www.certwarden.com/) is a self-hosted Centralized ACME Certificate Management platform. With it you can manage and aquire Let's Encrypt certificates.
However, to deploy them to your hosts, for now there only was a docker client, and that was too bloated for me.
So I built `certwarden-deploy`, a dependency-less binary that can run via crontab/systemd timers and that can fetch new certificates and run actions after new certificates got rolled out.
## Quick Start
Installation of the required CertWarden instance is out of scope of this documentation. For detailed instructions regarding CertWarden, please visit [it's documentation](https://www.certwarden.com/docs/introduction/)
To quickly get started with `certwarden-deploy`, just download the binary...
```shell
2024-07-28 08:11:49 +02:00
# this downloads certwarden-deploy version 0.2.1
2024-07-12 13:04:33 +02:00
# to /usr/local/bin/certwarden-deploy
2024-07-28 08:11:49 +02:00
sudo wget https://code.lila.network/adoralaura/certwarden-deploy/releases/download/0.2.1/certwarden-deploy-0.2.1-linux-amd64 -O /usr/local/bin/certwarden-deploy
2024-07-12 13:04:33 +02:00
sudo chmod +x /usr/local/bin/certwarden-deploy
```
... fill out the config file...
```shell
vi /etc/certwarden-deploy/config.yaml
```
```yaml
# Base URL of the CertWarden instance
# required
base_url: "https://certwarden.example.com"
# Set this to true if your CertWarden instance does not have a publicly trusted
# TLS certificate (e.g. it has a self signed one)
# default is false
disable_certificate_validation: false
# define all managed certificates here
certificates:
# name is a unique identifier that must start and end with an alphanumeric character,
# and can contain the following characters: a-zA-Z0-9._-
# required
- name: test-certificate.example.com
# Contains the API-Key to fetch the certificate from the server
# required
2024-07-28 08:11:49 +02:00
cert_secret: examplekey_notvalid_hrzjGDDw8z
2024-07-12 13:04:33 +02:00
2024-07-28 08:11:49 +02:00
# path where to save the certificate
# required
cert_path: "/path/to/test-certificate.example.com-cert.pem"
2024-07-12 13:04:33 +02:00
2024-07-28 08:11:49 +02:00
# Contains the API-Key to fetch the private key from the server
# required
key_secret: examplekey_notvalid_hrzbbDDw8z
2024-07-12 13:04:33 +02:00
2024-07-28 08:11:49 +02:00
# path where to save the private key
2024-07-12 13:04:33 +02:00
# required
2024-07-28 08:11:49 +02:00
key_path: "/path/to/test-certificate.example.com-key.pem"
# action to run when certificate was updated or --force is on
action: "/usr/bin/systemd reload caddy"
2024-07-12 13:04:33 +02:00
```
... and run it!
```shell
certwarden-deploy -v
```
## Contributing
2024-07-28 14:36:06 +02:00
I use my own [Forgejo](https://forgejo.org/) Instance [code.lila.network](https://code.lila.network) to manage issues, pull requests and CI/CD.
2024-07-12 13:04:33 +02:00
2024-07-28 14:36:06 +02:00
* If you have a trivial fix or improvement, go ahead and send a diff to the maintainer(s) of this repository (see
[MAINTAINERS.md](https://code.lila.network/adoralaura/certwarden-deploy/src/branch/main/MAINTAINERS.md)).
2024-07-12 13:04:33 +02:00
2024-07-28 14:36:06 +02:00
* If you plan to do something more involved, first please [send me a mail]( mailto:dev@lauka.net?subject=%5Bcertwarden-deploy%5D)mso I can create an account for you.
2024-07-12 13:04:33 +02:00
2024-07-28 14:36:06 +02:00
### Non-development Contibutions
2024-07-12 13:04:33 +02:00
The best way to help without speaking a lot of Go would be to share your
2024-07-28 14:36:06 +02:00
configuration, setup, and tips. If you have something
2024-07-12 13:04:33 +02:00
that works and is not in the repository, please pay it forward and
share what works.
## Changelog
You can find the Changelog here: [Changelog](https://code.lila.network/adoralaura/certwarden-deploy/src/branch/main/CHANGELOG.md)
## License
`certwarden-deploy` is available under the MIT license. See the [LICENSE](https://code.lila.network/adoralaura/certwarden-deploy/src/branch/main/LICENSE) file for more info.