Skyfritt/certman
4
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions
No description
4 commits 2 branches 0 tags 109 KiB
Shell 100%
Find a file
Ruben 2b07e1266c Extend functionality
2025-03-03 12:37:55 +01:00
.gitignore Add .env and README 2025-02-28 21:48:08 +01:00
certman.sh Extend functionality 2025-03-03 12:37:55 +01:00
LICENSE Initial commit 2025-02-28 21:24:51 +01:00
README.md Extend functionality 2025-03-03 12:37:55 +01:00

README.md

Certwarden Certificate Management

A bash script for managing SSL/TLS certificates through the Certwarden API. This tool provides both automated and interactive interfaces for downloading, installing, and managing certificates on your system.

Features

  • Download and verify certificates and private keys from Certwarden server
  • Automatic installation with proper permissions and ownership
  • Certificate and key pair validation
  • Service reload after certificate updates
  • Certificate expiration monitoring
  • Interactive menu-driven interface
  • Automated mode support through environment configuration
  • Proper error handling and logging
  • Support for multiple certificates

Prerequisites

The script requires the following dependencies:

  • curl: For API interactions
  • jq: For JSON processing
  • openssl: For certificate operations

Installation

  1. Clone this repository:
git clone <repository-url>
cd certman
  1. Make the script executable:
chmod +x certman.sh
  1. Create a .env file with your configuration:
# Server Configuration
CERTWARDEN_SERVER="certwarden.dmz.skyfritt.net:443"

# Certificate Paths
CERT_PATH="/etc/forgejo"
KEY_PATH="/etc/forgejo"
TEMP_PATH="/tmp/certman"

# Service Configuration
SERVICE_NAME="forgejo"
CERT_OWNER="git"
CERT_GROUP="git"
CERT_PERMISSIONS="644"
KEY_PERMISSIONS="600"

# Certificate Configurations (JSON format)
CERTIFICATES='[
  {
    "domain": "example.com",
    "cert_api_key": "your_cert_api_key",
    "key_api_key": "your_key_api_key"
  }
]'

# Optional: Auto mode configuration
AUTO_MODE="false"

Environment Variables Explained

Variable Description Required
CERTWARDEN_SERVER Certwarden API server hostname and port Yes
CERT_PATH Directory for certificate storage Yes
KEY_PATH Directory for private key storage Yes
TEMP_PATH Temporary directory for downloads Yes
SERVICE_NAME Service to reload after certificate updates Yes
CERT_OWNER User owner for certificate files Yes
CERT_GROUP Group owner for certificate files Yes
CERT_PERMISSIONS Certificate file permissions Yes
KEY_PERMISSIONS Private key file permissions Yes
CERTIFICATES JSON array of certificate configurations Yes
AUTO_MODE Enable automated operation No

Usage

Interactive Mode

Run the script without any arguments:

./certman.sh

This will present a menu with the following options:

  1. Process all certificates
  2. List installed certificates
  3. Check certificate expiration
  4. Exit

Automated Mode

Set AUTO_MODE="true" in the .env file and run the script. This is suitable for cron jobs.

Cron Configuration

Add these lines to your crontab for automated certificate management:

@reboot sleep 15 && /path/to/certman.sh
5 4 * * 2 /path/to/certman.sh

Security Considerations

  • Store the script and .env file in a secure location with restricted permissions
  • Use appropriate permissions for certificate and key files
  • Keep API keys secure and rotate them periodically
  • Run the script as a user with appropriate privileges