I'm not maintaining this anymore, so I've given it over to na4ma4/traefik-acme.
Extract certificates from acme.json created by traefik.
Using traefik to do the work of certbot is good, but sometimes you have other services that need access to the certificate, this CLI tool extracts them out so you can use them outside of traefik.
Usage:
traefik-acme <domain> [flags]
Flags:
-a, --acme string Location of acme.json file (default "/etc/traefik/acme.json")
-c, --cert string Location to write out certificate (default "cert.pem")
-r, --certificate-resolver string Certificate Resovler name from traefik config (default "acme")
-d, --debug Debug output
--exit-code Exit with exit-code 99 if files updated
--force Force writing to file even if not updated
-h, --help help for traefik-acme
-k, --key string Location to write out key file (default "key.pem")
-v, --version version for traefik-acme
Running from command line, myresolver is the name of the certificate resolver defined in your traefik configuration. Example from the documentation [certificatesResolvers.myresolver.acme] would mean using myresolver as the parameter.
traefik-acme -r myresolver -a /config/acme.json -c /etc/service/cert.pem -k /etc/service/key.pem servicename.domain.comIf you want to use it in a script (for cron)
traefik-acme --exit-code -r mycertresolver -a /config/acme.json -c /etc/service/cert.pem -k /etc/service/key.pem servicename.domain.com
if [ $? == 99 ]; then
systemctl reload service
fiRunning from command line.
traefik-acme -a /config/acme.json -c /etc/service/cert.pem -k /etc/service/key.pem servicename.domain.comIf you want to use it in a script (for cron)
traefik-acme --exit-code -a /config/acme.json -c /etc/service/cert.pem -k /etc/service/key.pem servicename.domain.com
if [ $? == 99 ]; then
systemctl reload service
fidocker run --rm \
-v "/docker/traefik/config/:/input" \
-v "/docker/myservice/certs:/output" \
--workdir /output \
koshatul/traefik-acme:latest --acme "/input/acme.json" domain.example.comThe example expects the acme.json to be in /docker/traefik/config and to write the cert.pem and key.pem to /docker/myservice/certs.
make testginkgo ./src/...