jlu5/certpush
certpush

Certpush is a utility that generates Let's Encrypt TLS certificates for DNS round robins. It uses rootless certbot with DNS validation as its backend, creating a unique certificate for every server. Each certificate is only valid for that server's name(s) plus configured round robin addresses, allowing granular certificate revocation / removal compared to sharing certificates between servers.

Certpush was originally designed to provide TLS to IRC round robins, but has been extended to support shared DNS names in general (e.g. websites backed by anycast or GeoDNS).

An example configuration lives in certpush/certpush.config.sh.example.

```
$ ./certpush.sh
Usage:
./certpush.sh newserver [server name] - generates a certificate for the given server
./certpush.sh renew - renews all known certificate and pushes them to servers
./certpush.sh push [server name] - pushes the certificate for the given server via SFTP
./certpush.sh runcmd [command] [args] - run arbitrary certbot commands under certpush's config directories
```
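
The per-server scoping described above, as an added example that is not part of certpush: one function assembles the name list a server's certificate should cover (its own name plus the shared round robin names), one prints the rootless certbot invocation that list implies, and one checks an issued certificate's SAN line against it so an over-scoped certificate (one that also covers another server's name) is caught. `CERTPUSH_DIR` and `ROUNDROBIN_NAMES` are hypothetical variables; the round robin names are constructed; the certbot flags used are certbot's own.

```shell
#!/bin/sh
# Added example, not certpush's own code. Assumptions: CERTPUSH_DIR and
# ROUNDROBIN_NAMES are hypothetical variables; the round robin names are
# constructed for illustration.

CERTPUSH_DIR="${CERTPUSH_DIR:-$HOME/.certpush}"
# Constructed shared DNS names that every server in the round robin answers for.
ROUNDROBIN_NAMES="irc.example.net ircs.example.net"

# cert_names SERVER [EXTRA...]: print the names one server's certificate should
# cover: its own name(s) plus the round robin names, deduplicated, one per line.
# ROUNDROBIN_NAMES is deliberately unquoted so it splits into words.
cert_names() {
    printf '%s\n' "$@" $ROUNDROBIN_NAMES | awk '!seen[$0]++'
}

# certbot_cmd SERVER [EXTRA...]: print the certbot invocation for that server:
# DNS validation via the manual plugin, with certbot's state kept under
# CERTPUSH_DIR (--config-dir/--work-dir/--logs-dir) so no root is needed.
# Printed rather than executed so it can be reviewed first.
certbot_cmd() {
    server="$1"
    args="certbot certonly --manual --preferred-challenges dns"
    args="$args --config-dir $CERTPUSH_DIR/config --work-dir $CERTPUSH_DIR/work"
    args="$args --logs-dir $CERTPUSH_DIR/logs --cert-name $server"
    for n in $(cert_names "$@"); do
        args="$args -d $n"
    done
    printf '%s\n' "$args"
}

# check_sans SANS SERVER [EXTRA...]: SANS is the subjectAltName text as printed
# by `openssl x509 -noout -ext subjectAltName` ("DNS:a, DNS:b"). Returns 0 when
# the certificate covers exactly the expected names, 1 when a name is missing
# or the certificate also covers a name that belongs to another server.
check_sans() {
    sans="$1"; shift
    have=$(printf '%s\n' "$sans" | tr ',' '\n' | sed -n 's/^ *DNS://p' | sort)
    want=$(cert_names "$@" | sort)
    [ "$have" = "$want" ]
}
```

In practice the SANS argument comes from the live certificate under the certpush config directory, e.g. `check_sans "$(openssl x509 -noout -ext subjectAltName -in live/server1.example.net/cert.pem)" server1.example.net`.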

Cron job

As certpush uses a custom folder for the certbot path, you should add certpush.sh renew to a cron job or a similar service to ensure that certificates are kept up to date.

Example (weekly at 9 AM):

```
0 9 * * 1 /path/to/your/certpush.sh renew
```

About

A Certbot wrapper for DNS round robins
