Ruben ab59a58c55 Use install for certificate and key file installation
Replace separate cp and chmod operations with single install commands
for certificate, key, and PEM file installation to ensure proper
permissions and ownership are set in one operation
2026-02-20 23:07:44 +01:00
.gitignore Add .env and README 2025-02-28 21:48:08 +01:00
certman.sh Use install for certificate and key file installation 2026-02-20 23:07:44 +01:00
example.env Cleaned up before merge 2025-05-07 13:04:49 +02:00
LICENSE Initial commit 2025-02-28 21:24:51 +01:00
README.md fix: better handling of restart/reload logic 2025-05-07 14:53:07 +02:00

Certwarden Certificate Management

A bash script for managing SSL/TLS certificates through the Certwarden API. This tool provides both automated and interactive interfaces for downloading, installing, and managing certificates on your system.

Features

  • Download and verify certificates and private keys from the Certwarden server
  • Automatic installation with proper permissions and ownership
  • Certificate expiration monitoring
  • Interactive menu-driven interface
  • Force update option for certificate renewals
  • Support for multiple certificates

Prerequisites

The script requires the following dependencies:

  • curl: For API interactions
  • jq: For JSON processing
  • openssl: For certificate operations

Installation

  1. Clone this repository into /opt/certman/:
git clone --depth=1 https://forge.dmz.skyfritt.net/Skyfritt/certman.git /opt/certman && cd /opt/certman
  2. Rename example.env to .env and modify as needed:
# Server Configuration
CERTWARDEN_SERVER="certwarden.dmz.skyfritt.net:443"

# Certificate Paths
CERT_PATH="/etc/certs"
KEY_PATH="/etc/certs"
TEMP_PATH="/tmp/certman"
FULLCHAIN_PEM="true"

# Service Configuration
SERVICE_NAME="nginx"
CERT_OWNER="www-data"
CERT_GROUP="www-data"
CERT_PERMISSIONS="644"
KEY_PERMISSIONS="600"

# Certificate Configurations (JSON format)
# Add as many or as few domains as you need (remember to add or remove the JSON comma between entries!)
CERTIFICATES='[
  {
    "domain": "example-one.com",
    "cert_api_key": "your_cert_api_key",
    "key_api_key": "your_key_api_key"
  }
]'
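The install-and-verify step the README (and the latest commit, "Use install for certificate and key file installation") describes, as an added example that is not the certman.sh code: it reads CERT_OWNER, CERT_GROUP, CERT_PERMISSIONS and KEY_PERMISSIONS as set in .env, refuses to install a key that does not match the certificate, places both files with `install` so ownership and mode are set in the same operation (no window where the key exists world-readable), and uses `openssl x509 -checkend` to decide whether a renewal is due. Function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not the project's script. Reads the same variable names as
# example.env; the defaults below are only the README's sample values.
CERT_OWNER="${CERT_OWNER:-www-data}"
CERT_GROUP="${CERT_GROUP:-www-data}"
CERT_PERMISSIONS="${CERT_PERMISSIONS:-644}"
KEY_PERMISSIONS="${KEY_PERMISSIONS:-600}"

# cert_key_match <cert.crt> <key.key>
# True when the public key inside the certificate equals the public half of
# the private key; a mismatched pair would make the service fail to start.
cert_key_match() {
  local from_cert from_key
  from_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  from_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$from_cert" ] && [ "$from_cert" = "$from_key" ]
}

# cert_needs_renewal <cert.crt> <days>
# True when the certificate expires within <days> (or is already expired).
# -checkend exits 0 while the cert is still valid after that many seconds.
cert_needs_renewal() {
  ! openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# install_cert_files <tmp.crt> <tmp.key> <dest.crt> <dest.key>
# Copies the downloaded files into place. install(1) creates the destination
# with the given owner, group and mode in one step, unlike cp followed by
# chmod/chown, which briefly leaves the file with the umask default.
install_cert_files() {
  if ! cert_key_match "$1" "$2"; then
    echo "certificate and key do not match; refusing to install" >&2
    return 1
  fi
  install -o "$CERT_OWNER" -g "$CERT_GROUP" -m "$CERT_PERMISSIONS" "$1" "$3" &&
  install -o "$CERT_OWNER" -g "$CERT_GROUP" -m "$KEY_PERMISSIONS"  "$2" "$4"
}
```

With the .env values above, the private key lands as www-data:www-data mode 600 directly, which is what the "Automatic installation with proper permissions and ownership" feature refers to.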

Usage

Interactive Mode

Run the script without any arguments:

./certman.sh

Cron Configuration

Add these lines to your crontab for automated certificate management:

@reboot sleep 15 && /opt/certman/certman.sh --silent
2 2 * * 7 /opt/certman/certman.sh --silent

Silent Mode

Run the script with the --silent flag for a silent certificate check. It will use the options set in the .env file.

./certman.sh --silent

Force Update

Use the --force flag to force certificate updates regardless of current status:

./certman.sh --force

Disable fetching fullchain PEM

Use the --disable-pem flag to fetch only the .key and .crt files:

./certman.sh --disable-pem

Restart service instead of reload

Some services do not support a soft restart (reload). Use --restart to force a full restart instead of the default reload.

./certman.sh --restart

Environment Variables

Variable            Description                                                               Required
CERTWARDEN_SERVER   Certwarden API server hostname and port                                   Yes
CERT_PATH           Directory for certificate storage                                         Yes
KEY_PATH            Directory for private key storage                                         Yes
TEMP_PATH           Temporary directory for downloads                                         Yes
FULLCHAIN_PEM       Also fetch the full-chain PEM (enabled by default)                        No
SERVICE_NAME        Service to reload after certificate updates                               Yes
SERIVCE_SUPPORTS    Whether the service is reloaded or restarted after an update (reload is the default)   No
CERT_OWNER          User owner for certificate files                                          Yes
CERT_GROUP          Group owner for certificate files                                         Yes
CERT_PERMISSIONS    Certificate file permissions                                              Yes
KEY_PERMISSIONS     Private key file permissions                                              Yes
CERTIFICATES        JSON array of certificate configurations                                  Yes