Skyfritt/certman
4
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions
No description
21 commits 2 branches 0 tags 109 KiB
Shell 100%
Find a file
Exact
Ruben aee6f5ed8b fix: non-interactive force update
2025-05-07 13:21:45 +02:00
.gitignore Add .env and README 2025-02-28 21:48:08 +01:00
certman.sh fix: non-interactive force update 2025-05-07 13:21:45 +02:00
example.env Cleaned up before merge 2025-05-07 13:04:49 +02:00
LICENSE Initial commit 2025-02-28 21:24:51 +01:00
README.md Cleaned up before merge 2025-05-07 13:04:49 +02:00

README.md

Certwarden Certificate Management

A bash script for managing SSL/TLS certificates through the Certwarden API. This tool provides both automated and interactive interfaces for downloading, installing, and managing certificates on your system.

Features

  • Download and verify certificates and private keys from Certwarden server
  • Automatic installation with proper permissions and ownership
  • Certificate expiration monitoring
  • Interactive menu-driven interface
  • Force update option for certificate renewals
  • Support for multiple certificates

Prerequisites

The script requires the following dependencies:

  • curl: For API interactions
  • jq: For JSON processing
  • openssl: For certificate operations

Installation

  1. Clone this repository into /opt/certman/:
git clone https://forge.dmz.skyfritt.net/Skyfritt/certman.git --depth=1 /opt/certman && cd certman
  1. Rename example.env to .env and modify as needed:
# Server Configuration
CERTWARDEN_SERVER="certwarden.dmz.skyfritt.net:443"

# Certificate Paths
CERT_PATH="/etc/certs"
KEY_PATH="/etc/certs"
TEMP_PATH="/tmp/certman"
FULLCHAIN_PEM="true"

# Service Configuration
SERVICE_NAME="nginx"
CERT_OWNER="www-data"
CERT_GROUP="www-data"
CERT_PERMISSIONS="644"
KEY_PERMISSIONS="600"

# Certificate Configurations (JSON format)
# Add as many or few domains as you need (but remember to add or delete the JSON comma!)
CERTIFICATES='[
  {
    "domain": "example-one.com",
    "cert_api_key": "your_cert_api_key",
    "key_api_key": "your_key_api_key"
  }
]'

Usage

Interactive Mode

Run the script without any arguments

./certman.sh

Cron Configuration

Add these lines to your crontab for automated certificate management:

@reboot sleep 15 && /path/to/certman.sh --silent
2 2 * * 7 /opt/certman/certman.sh --silent

Silent Mode

Run the script with the --silent flag for a silent certificate check. It will use the options set in the .env file.

./certman.sh --silent

Force Update

Use the --force flag to force certificate updates regardless of current status:

./certman.sh --force

Disable fetching fullchain PEM

Use the --disable-pem to only fetch the .key and .crt:

./certman.sh --disable-pem

Environment Variables

Variable Description Required
CERTWARDEN_SERVER Certwarden API server hostname and port Yes
CERT_PATH Directory for certificate storage Yes
KEY_PATH Directory for private key storage Yes
TEMP_PATH Temporary directory for downloads Yes
FULLCHAIN_PEM Enabled by default No
SERVICE_NAME Service to reload after certificate updates Yes
CERT_OWNER User owner for certificate files Yes
CERT_GROUP Group owner for certificate files Yes
CERT_PERMISSIONS Certificate file permissions Yes
KEY_PERMISSIONS Private key file permissions Yes
CERTIFICATES JSON array of certificate configurations Yes