mirror of https://github.com/breard-r/acmed.git
Rodolphe Breard
6 years ago
4 changed files with 169 additions and 65 deletions
-
3Makefile
-
64acmed/acmed_example.toml
-
17acmed/config/acmed.toml
-
150acmed/config/default_hooks.toml
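--- a/acmed/acmed_example.toml
+++ b/acmed/acmed_example.toml
@@ -1,64 +0,0 @@
-[global]
-accounts_directory = "/etc/acmed/accounts"
-certificates_directory = "/etc/acmed/certs"
-
-[[endpoint]]
-name = "letsencrypt v2 prod"
-url = "https://acme-v02.api.letsencrypt.org/directory"
-tos_agreed = false
-
-[[endpoint]]
-name = "letsencrypt v2 staging"
-url = "https://acme-staging-v02.api.letsencrypt.org/directory"
-tos_agreed = false
-
-[[hook]]
-name = "http-echo-create"
-type = ["challenge-http-01"]
-cmd = "echo"
-args = ["{{proof}}"]
-stdout = "/srv/http/{{domain}}/.well-known/acme-challenge/{{file_name}}"
-
-[[hook]]
-name = "http-echo-clean"
-type = ["challenge-http-01-clean"]
-cmd = "rm"
-args = [
-"-f",
-"/srv/http/{{domain}}/.well-known/acme-challenge/{{file_name}}"
-]
-
-[[group]]
-name = "http-echo"
-hooks = ["http-echo-create", "http-echo-clean"]
-
-[[hook]]
-name = "email-report"
-type = ["post-operation"]
-cmd = "sendmail"
-args = [
-"-f", "noreply@example.org",
-"john.doe@example.org"
-]
-stdin = """Subject: Certificate renewal alert for {{domains.[0]}}
-
-The following certificate is being renewed.
-domains: {{#each domains}}{{#if @index}}, {{/if}}{{this}}{{/each}}
-algorithm: {{algorithm}}
-status: {{status}}"""
-
-[[account]]
-name = "test_account"
-email = "certs@example.org"
-
-[[certificate]]
-account = "test_account"
-endpoint = "letsencrypt v2 staging"
-domains = [
-{ dns = "example.org", challenge = "http-01"},
-{ dns = "sub-1.example.org", challenge = "http-01" },
-{ dns = "sub-2.example.org", challenge = "http-01" }
-]
-algorithm = "ecdsa_p384"
-kp_reuse = false
-hooks = ["http-echo", "email-report"]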
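--- a/acmed/config/acmed.toml
+++ b/acmed/config/acmed.toml
@@ -0,0 +1,17 @@
+include = [
+"default_hooks.toml"
+]
+
+[global]
+accounts_directory = "/etc/acmed/accounts"
+certificates_directory = "/etc/acmed/certs"
+
+[[endpoint]]
+name = "letsencrypt v2 prod"
+url = "https://acme-v02.api.letsencrypt.org/directory"
+tos_agreed = false
+
+[[endpoint]]
+name = "letsencrypt v2 staging"
+url = "https://acme-staging-v02.api.letsencrypt.org/directory"
+tos_agreed = false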
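Review bot: The `include` entry at the top of this file uses a bare relative path, `"default_hooks.toml"`, and nothing here says what that path is resolved against. The included file defines hooks that run commands, so which file actually gets loaded should be unambiguous to whoever edits this config. Either add a comment above it such as `# Paths are relative to the directory of this file.` if that is how the loader behaves (not visible in this hunk), or ship the default with an absolute path.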
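--- a/acmed/config/default_hooks.toml
+++ b/acmed/config/default_hooks.toml
@@ -0,0 +1,150 @@
+# Copyright (c) 2019 Rodolphe Bréard <rodolphe@breard.tf>
+#
+# Copying and distribution of this file, with or without modification,
+# are permitted in any medium without royalty provided the copyright
+# notice and this notice are preserved. This file is offered as-is,
+# without any warranty.
+
+# ------------------------------------------------------------------------
+# Default hooks for ACMEd
+# You should not edit this file since it may be overridden by a newer one.
+# ------------------------------------------------------------------------
+
+
+#
+# http-01 challenge in "/var/www/{{domain}}/"
+#
+
+[[hook]]
+name = "http-01-echo-mkdir"
+type = ["challenge-http-01"]
+cmd = "mkdir"
+args = [
+"-m", "0755",
+"-p", "/var/www/{{domain}}/.well-known/acme-challenge"
+]
+
+[[hook]]
+name = "http-01-echo-echo"
+type = ["challenge-http-01"]
+cmd = "echo"
+args = ["{{proof}}"]
+stdout = "/var/www/{{domain}}/.well-known/acme-challenge/{{file_name}}"
+
+[[hook]]
+name = "http-01-echo-chmod"
+type = ["challenge-http-01-clean"]
+cmd = "chmod"
+args = [
+"a+r",
+"/var/www/{{domain}}/.well-known/acme-challenge/{{file_name}}"
+]
+
+[[hook]]
+name = "http-01-echo-clean"
+type = ["challenge-http-01-clean"]
+cmd = "rm"
+args = [
+"-f",
+"/var/www/{{domain}}/.well-known/acme-challenge/{{file_name}}"
+]
+
+[[group]]
+name = "http-01-echo-var-www"
+hooks = [
+"http-01-echo-mkdir",
+"http-01-echo-echo",
+"http-01-echo-chmod",
+"http-01-echo-clean"
+]
+
+
+#
+# tls-alpn-01 challenge with tacd
+#
+
+[[hook]]
+name = "tls-alpn-01-tacd-start-tcp"
+type = ["challenge-tls-alpn-01"]
+cmd = "tacd"
+args = [
+"--pid-file", "/tmp/tacd_{{domain}}.pid",
+"--domain", "{{domain}}",
+"--acme-ext", "{{proof}}",
+"--listen", "{{domain}}:5001"
+]
+
+[[hook]]
+name = "tls-alpn-01-tacd-start-unix"
+type = ["challenge-tls-alpn-01"]
+cmd = "tacd"
+args = [
+"--pid-file", "/tmp/tacd_{{domain}}.pid",
+"--domain", "{{domain}}",
+"--acme-ext", "{{proof}}",
+"--listen", "unix:/tmp/tacd_{{domain}}.sock"
+]
+
+[[hook]]
+name = "tls-alpn-01-tacd-kill"
+type = ["challenge-tls-alpn-01-clean"]
+cmd = "pkill"
+args = [
+"-F", "/tmp/tacd_{{domain}}.pid"
+]
+
+[[hook]]
+name = "tls-alpn-01-tacd-rm"
+type = ["challenge-tls-alpn-01-clean"]
+cmd = "rm"
+args = [
+"-f", "/tmp/tacd_{{domain}}.pid"
+]
+
+[[group]]
+name = "tls-alpn-01-tacd-tcp"
+hooks = ["tls-alpn-01-tacd-start-tcp", "tls-alpn-01-tacd-kill", "tls-alpn-01-tacd-rm"]
+
+[[group]]
+name = "tls-alpn-01-tacd-tcp-unix"
+hooks = ["tls-alpn-01-tacd-start-unix", "tls-alpn-01-tacd-kill", "tls-alpn-01-tacd-rm"]
+
+
+#
+# Git storage hook
+#
+
+[[hook]]
+name = "git-init"
+type = ["file-pre-create", "file-pre-edit"]
+cmd = "git"
+args = [
+"init",
+"{{file_directory}}"
+]
+
+[[hook]]
+name = "git-add"
+type = ["file-post-create", "file-post-edit"]
+cmd = "git"
+args = [
+"-C", "{{file_directory}}",
+"add", "{{file_name}}"
+]
+
+[[hook]]
+name = "git-commit"
+type = ["file-post-create", "file-post-edit"]
+cmd = "git"
+args = [
+"-C", "{{file_directory}}",
+"-c", "user.name=ACMEd",
+"-c", "user.email=acmed@localhost",
+"commit",
+"-m", "{{file_name}}",
+"--only", "{{file_name}}"
+]
+
+[[group]]
+name = "git"
+hooks = ["git-init", "git-add", "git-commit"]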
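Review bot: The tacd hooks keep their pid file and Unix socket under predictable names in `/tmp` (`/tmp/tacd_{{domain}}.pid`, `/tmp/tacd_{{domain}}.sock`), and `tls-alpn-01-tacd-kill` then passes that pid file to `pkill -F`. `/tmp` is writable by every local account, and this file does not show how tacd or ACMEd treat a file that already exists at those names. A safer default is a runtime directory writable only by the ACMEd user, for example `"--pid-file", "<ACMED_RUNTIME_DIR>/tacd_{{domain}}.pid"` (placeholder path), with the same change in the kill and rm hooks. Separately, `http-01-echo-chmod` is typed `challenge-http-01-clean`, so `chmod a+r` appears to run only at cleanup, just before `rm -f` removes the file. If the intent is to make the proof readable by the web server during validation, it should be `type = ["challenge-http-01"]`.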