acme-downloader
Fetches and stores a given Certificate, Full Chain, CA and Private Key.
It is meant to be used in conjunction with the Geant ACME infrastructure.
usage
You can use the tool as follows:
acme-downloader --vault-token=<VAULT-TOKEN> --redis-token=<REDIS_TOKEN> \
--cert-name=foo-ev-cert.geant.org --team-name=swd
If the certificate has been replaced, the tool exits with status 64, so you can reload your application to pick up the new certificate.
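A wrapper that acts on that exit status, as an added example (not part of acme-downloader): it runs the tool and, on exit 64, checks that the freshly written certificate actually matches the private key before reloading the service, so a broken download never reaches a running server. The binary name, the reload command (`systemctl reload nginx`) and the `CERT_NAME`, `CERT_FILE` and `KEY_FILE` variables are assumptions of this example; the default paths follow the tool's default destinations listed below. Note that tokens passed on the command line are visible to other local users in the process list, so keep any wrapper that embeds them readable by root only.

```shell
#!/bin/sh
# Renewal wrapper around acme-downloader (example code, not part of the project).
# Assumed: the binary is on PATH as "acme-downloader" and the service is reloaded
# with "systemctl reload nginx"; both can be overridden via the environment.
# acme-downloader exits with status 64 when the certificate has been replaced.

ACME_DOWNLOADER="${ACME_DOWNLOADER:-acme-downloader}"
RELOAD_CMD="${RELOAD_CMD:-systemctl reload nginx}"

# Map an acme-downloader exit status to an action: unchanged, reload or error.
decide_action() {
  case "$1" in
    0)  echo unchanged ;;
    64) echo reload ;;
    *)  echo error ;;
  esac
}

# Sanity check before reloading: the certificate's SubjectPublicKeyInfo must be
# identical to the public key derived from the private key. Returns non-zero on
# mismatch or if either file cannot be parsed.
cert_matches_key() {
  cert_pub=$(openssl x509 -noout -pubkey -in "$1" 2>/dev/null) || return 1
  key_pub=$(openssl pkey -pubout -in "$2" 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Run acme-downloader with the given arguments. CERT_FILE / KEY_FILE default to
# the tool's default destinations for CERT_NAME (assumed environment variables).
run_renewal() {
  cert_file="${CERT_FILE:-/etc/ssl/certs/${CERT_NAME}.crt}"
  key_file="${KEY_FILE:-/etc/ssl/private/${CERT_NAME}.key}"

  "$ACME_DOWNLOADER" "$@"
  status=$?

  case "$(decide_action "$status")" in
    unchanged)
      return 0 ;;
    reload)
      if cert_matches_key "$cert_file" "$key_file"; then
        # shellcheck disable=SC2086  # word splitting of RELOAD_CMD is intended
        $RELOAD_CMD
      else
        echo "new certificate $cert_file does not match key $key_file; not reloading" >&2
        return 1
      fi ;;
    *)
      echo "acme-downloader failed with exit status $status" >&2
      return "$status" ;;
  esac
}

# Only run when invoked with arguments, so the file can also be sourced, e.g.:
# CERT_NAME=foo-ev-cert.geant.org ./renew.sh --vault-token=... --redis-token=... \
#     --cert-name=foo-ev-cert.geant.org --team-name=swd
if [ $# -gt 0 ]; then
  run_renewal "$@"
fi
```

The key/cert comparison is the same check a web server performs when loading a key pair; doing it here means a mismatch is reported by the wrapper instead of surfacing as a failed reload.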
You can check all the options using --help:
ACME Downloader:
- fetches and stores a given Certificate, Full Chain, CA and Private Key
Usage:
acme-downloader --redis-token=REDISTOKEN --vault-token=VAULTTOKEN --cert-name=CERTNAME --team-name=TEAMNAME [--silent] [--days=DAYS] [--type=TYPE] [--cert-destination=CERTDESTINATION] [--fullchain-destination=FULLCHAINDESTINATION] [--key-destination=KEYDESTINATION] [--ca-destination=CADESTINATION] [--wildcard]
acme-downloader -h | --help
acme-downloader -v | --version
acme-downloader -b | --build
acme-downloader --update
acme-downloader --check-version
Options:
-h --help Show this screen
-v --version Print version information and exit
-b --build Print version and build information and exit
--redis-token=REDISTOKEN Redis access token
--vault-token=VAULTTOKEN Vault access token
--cert-name=CERTNAME Certificate name
--team-name=TEAMNAME Team name: swd, it, ne, ti,...
--type=TYPE Type, EV or OV
--days=DAYS Days before expiration [default: 30]
--cert-destination=CERTDESTINATION Cert Destination [default: /etc/ssl/certs/<cert-name>.crt]
--fullchain-destination=FULLCHAINDESTINATION Full Chain Destination [default: /etc/ssl/certs/<cert-name>_fullchain.crt]
--key-destination=KEYDESTINATION Key Destination [default: /etc/ssl/private/<cert-name>.key]
--ca-destination=CADESTINATION CA Destination [default: /etc/ssl/certs/COMODO_<type>.crt]
--wildcard The certificate type is wildcard
--update Self-updates the tool and exit
--check-version Check upstream version
compatibility
It can probably be built for 43 different platforms, but it has been tested on Linux and Windows only.
build
It compiles on several platforms and architectures.
Run the build script in this repository to list all available options:
./build.sh --help
create a new release
You can add this code snippet to ~/.gitconfig:
[alias]
pp = !git pull && git push
pushall = !git remote | xargs -L1 git push --all
pushall-tags = !git remote | xargs -L1 git push --tags
Then commit your changes on the master branch and create a tag from master.
If you want to create version 1.2.3, the commands below will trigger the CI and upload the files to Artifactory:
git checkout master # make your changes ...
git commit -m "my new change"
git push
git tag v1.2.3
git pushall-tags
installation instructions
You can install the script as follows (as root):
curl -f -o /usr/bin/acme-downloader.sh https://artifactory.software.geant.org/artifactory/acme-downloader/acme-downloader.sh
chown root:root /usr/bin/acme-downloader.sh
chmod 750 /usr/bin/acme-downloader.sh
acme-downloader.sh --vault-token <my_vault_token> --redis-token <my_redis_token> --team-name <my_team> --cert-name <my-certificate.domain.org> --type OV --install-crontab
The binaries and the shell script can be downloaded from the Geant Artifactory.