ssl-update

automation for cert renewal with local hooks

given a service:
* start Let's Encrypt's certbot "manually" to obtain the ownership proof data
* write the proof into nginx's serving path
* log into the firewall, allow HTTP for the given service
* enable HTTP for the given service
* instruct Let's Encrypt to check the proof
* get new keys
* disable HTTP for the service
* log into the firewall, block HTTP for the given service
* set permissions and ownership on the new keys
* perform service-specific hooks
    * Jellyfin: generate a PKCS#12 key
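
One way the proof-writing, key-permission and Jellyfin steps above could look as certbot hooks (an added example, not this project's code). It assumes certbot is driven with `--manual-auth-hook` and `--manual-cleanup-hook`; `WEBROOT`, the function names and the password file are hypothetical, and the firewall and HTTP toggling steps are left out because the page does not name the firewall.

```shell
#!/bin/sh
# Added example. WEBROOT, the function names and PASSFILE are assumptions.
WEBROOT="${WEBROOT:-/var/www/html}"   # assumed nginx serving path

# ACME tokens are base64url. Refuse anything else so a malformed token
# can never name a file outside the challenge directory.
valid_token() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
}

# Auth hook: certbot exports CERTBOT_TOKEN and CERTBOT_VALIDATION.
auth_hook() {
    valid_token "$CERTBOT_TOKEN" || { echo "rejected token" >&2; return 1; }
    dir="$WEBROOT/.well-known/acme-challenge"
    mkdir -p "$dir" || return 1
    printf '%s' "$CERTBOT_VALIDATION" > "$dir/$CERTBOT_TOKEN" || return 1
    chmod 644 "$dir/$CERTBOT_TOKEN"   # the proof is public; nginx must read it
}

# Cleanup hook: remove the proof once validation is over.
cleanup_hook() {
    valid_token "$CERTBOT_TOKEN" || return 1
    rm -f "$WEBROOT/.well-known/acme-challenge/$CERTBOT_TOKEN"
}

# install_key SRC DEST [OWNER]: private key readable by its owner only.
install_key() {
    ( umask 077 && cp "$1" "$2" ) || return 1
    chmod 600 "$2" || return 1        # cp keeps the mode of an existing DEST
    [ -z "${3:-}" ] || chown "$3" "$2"
}

# jellyfin_pkcs12 LIVE_DIR OUT_PFX PASSFILE: bundle key and chain for Jellyfin.
# The export password is read from PASSFILE, not passed on the command line.
jellyfin_pkcs12() {
    ( umask 077 && openssl pkcs12 -export \
        -inkey "$1/privkey.pem" -in "$1/cert.pem" -certfile "$1/chain.pem" \
        -out "$2" -passout "file:$3" )
}

# Dispatch so one file serves as both hooks, e.g. (example.org is a placeholder):
#   certbot certonly --manual --preferred-challenges http \
#     --manual-auth-hook "/path/hooks.sh auth" \
#     --manual-cleanup-hook "/path/hooks.sh cleanup" -d example.org
case "${1:-}" in
    auth)    auth_hook ;;
    cleanup) cleanup_hook ;;
esac
```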

All secrets are GPG-encrypted, and a single password prompt gives the script
access to all the secrets it needs.

State:
* Only Jellyfin is tested and working
* Can only really test when keys come closer to expiring
* code is ugly, could be a nice class or something