ssl-update

automation for cert renewal with local hooks

given a service:

* start Let's Encrypt's certbot in manual mode to get the ownership proof data
* write proof into nginx's serving path
* log into the firewall, allow http for the given service
* enable http for the given service
* instruct let's encrypt to check the proof
* get new keys
* disable http for the service
* log into firewall, block http for the given service
* set permissions and ownership on new keys
* perform service specific hooks
	* jellyfin: generating a pkcs12 key
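
The ordering of the steps above, as an added sketch that is not this repository's code: the HTTP opening is closed again even when validation fails, the proof file is removed afterwards, and the new key is created owner-only. `open_http`, `close_http` and `validate` are hypothetical callables standing in for the firewall/nginx changes and the certbot run; key ownership (chown) is left out.

```python
import os
import re
from contextlib import contextmanager
from pathlib import Path

TOKEN_RE = re.compile(r"[A-Za-z0-9_-]+")  # ACME tokens are base64url text

def write_proof(webroot, token, validation):
    """Place the HTTP-01 proof where nginx serves it; reject path tricks."""
    if not TOKEN_RE.fullmatch(token):
        raise ValueError("unexpected characters in challenge token")
    proof = Path(webroot) / ".well-known" / "acme-challenge" / token
    proof.parent.mkdir(parents=True, exist_ok=True)
    proof.write_text(validation)
    return proof

@contextmanager
def http_window(open_http, close_http):
    """Allow HTTP only for the validation; always try to block it again."""
    try:
        open_http()
        yield
    finally:
        close_http()  # assumed idempotent: runs even if opening failed midway

def install_key(pem_bytes, dest, mode=0o600):
    """Write new key material with owner-only permissions from creation."""
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, mode)
    with os.fdopen(fd, "wb") as fh:
        fh.write(pem_bytes)
    os.chmod(dest, mode)  # also tightens a pre-existing, looser file
    return dest

def renew(webroot, token, validation, open_http, close_http, validate, key_dest):
    """One run: proof -> open HTTP -> validate -> close HTTP -> install key."""
    proof = write_proof(webroot, token, validation)
    try:
        with http_window(open_http, close_http):
            pem = validate()  # hypothetical: CA checks the proof, returns key bytes
    finally:
        proof.unlink(missing_ok=True)  # proof never outlives the attempt
    return install_key(pem, key_dest)
```

Service-specific hooks such as the jellyfin one would run after `renew` returns.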

All secrets are GPG-encrypted; a single password prompt gives the script access to every secret it needs.

State:

* Only jellyfin is tested and working
* Can only really test when keys come closer to expiring
* code is ugly, could be a nice class or something
Readme MIT 134 KiB