SSL Certification Renewal Suite. Automated bot to finish domain verification challenges with GoDaddy, renew SSL certificates with Let's Encrypt, convert certificates to PFX, and replace the expired version in Azure Vault.
Coded it one weekend to simplify my own life.
Definitely feel free to drop in issues or PR if interested in pushing this project further.
> virtualenv -p python3 venv
> source venv/bin/activate
> pip3 install -r requirements.txt
Create an .env file in the project folder with the following structure and input values.
[GODADDY]
API_KEY=xxxxxxx
API_SECRET=xxxxxxx
[AZURE]
CERT_VAULT_URL=https://xxxxxxx.vault.azure.net/
CLIENT_ID=xxxxxxx
TENANT_ID=xxxxxxx
SECRET=xxxxxxx
[CERTS]
SECTIONS=ADMIN_SERVER_CERT,SHOP_SERVER_CERT
[ADMIN_SERVER_CERT]
NAME=xxxxxxx
LOCAL_PFX_PATH=/xxxxxxx/admin-server.veniqa.com/certificate.pfx
PASSWORD=xxxxxxx
[SHOP_SERVER_CERT]
NAME=xxxxxxx
LOCAL_PFX_PATH=/xxxxxxx/shop-server.veniqa.com/certificate.pfx
PASSWORD=xxxxxxx
Note: The CERTS section and below can be entered later before running the cert processor.
[ADMIN_SERVER_CERT] is an example of a section that is needed per certificate you want renewed.
[CERTS] section's SECTIONS entry
> chmod +x kickoff.sh
> chmod +x dns_challenge_hook.sh
> chmod +x cert_processor.sh
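A pre-flight check for the .env file described above, added here as an example and not part of this project's code. It assumes the file parses as INI with Python's configparser and that the literal xxxxxxx marks an unfilled value; check_text and check_env are hypothetical helper names, and SAMPLE is constructed input.

```python
import configparser
import os
import stat

# Section and key names come from the .env layout shown above.
REQUIRED = {"GODADDY": ("API_KEY", "API_SECRET"),
            "AZURE": ("CERT_VAULT_URL", "CLIENT_ID", "TENANT_ID", "SECRET")}
CERT_KEYS = ("NAME", "LOCAL_PFX_PATH", "PASSWORD")
# Constructed sample: placeholder secret, http vault URL, one listed section absent.
SAMPLE = """[GODADDY]
API_KEY=k1
API_SECRET=xxxxxxx
[AZURE]
CERT_VAULT_URL=http://example.vault.azure.net/
CLIENT_ID=c1
TENANT_ID=t1
SECRET=p%ss
[CERTS]
SECTIONS=ADMIN_SERVER_CERT,SHOP_SERVER_CERT
[ADMIN_SERVER_CERT]
NAME=admin
LOCAL_PFX_PATH=/tmp/admin/certificate.pfx
PASSWORD=pw
"""

def check_text(text, mode, need_certs=True):
    """Return a list of problems in the .env text; an empty list means OK."""
    problems = [f"mode {mode:03o}: chmod 600 the file"] if mode & 0o077 else []
    cfg = configparser.ConfigParser(interpolation=None)  # secrets may contain '%'
    cfg.optionxform = str  # keep key case as written
    cfg.read_string(text)
    wanted = dict(REQUIRED)
    if need_certs:  # every name in [CERTS] SECTIONS needs its own section
        names = cfg.get("CERTS", "SECTIONS", fallback="").split(",")
        wanted.update({n.strip(): CERT_KEYS for n in names if n.strip()})
        wanted["CERTS"] = ("SECTIONS",)
    for section, keys in wanted.items():
        if not cfg.has_section(section):
            problems.append(f"[{section}] section missing")
            continue
        problems += [f"[{section}] {key} unset or placeholder" for key in keys
                     if set(cfg.get(section, key, fallback="")) <= {"x"}]
    if not cfg.get("AZURE", "CERT_VAULT_URL", fallback="https://").startswith("https://"):
        problems.append("CERT_VAULT_URL is not https://")
    return problems

def check_env(path=".env", need_certs=True):
    with open(path) as fh:
        return check_text(fh.read(), stat.S_IMODE(os.stat(path).st_mode), need_certs)
```

Call check_env(".env") before ./kickoff.sh and treat a non-empty list as a stop; pass need_certs=False until the CERTS section and the per-certificate sections have been filled in.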
Command: ./kickoff.sh
Once the renewed certificates have been generated, cert_processor.sh to point to the folder of your choice.
Command: ./cert_processor.sh
The automated process ends with renewing the certificate and updating it in the Azure Vault.
You will then have to log in and point your app to use the updated certificate stored in your Azure vault. I couldn't find an API to facilitate this part. If you find a way, feel free to drop an issue with the resource.