SnowMB / traefik-certificate-extractor

Tool to extract Let's Encrypt certificates from Traefik's ACME storage file.
MIT License

New version needed for traefik V2.0 #3

Open dwernerinformatica opened 4 years ago

dwernerinformatica commented 4 years ago

As the traefik V2.0 container creates a slightly different acme.json v2 file format, code changes are needed:

diff -c extractor.py extractor.py.orig
*** extractor.py        2019-09-23 21:30:37.703743606 +0200
--- extractor.py.orig   2019-09-23 21:17:22.761616058 +0200
***************
*** 87,93 ****

  def createCerts(args):
      # Read JSON file
!     data = json.loads(open(args.certificate).read())['default']

      # Determine ACME version
      acme_version = 2 if 'acme-v02' in data['Account']['Registration']['uri'] else 1
--- 87,93 ----

  def createCerts(args):
      # Read JSON file
!     data = json.loads(open(args.certificate).read())

      # Determine ACME version
      acme_version = 2 if 'acme-v02' in data['Account']['Registration']['uri'] else 1
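Review bot: The `['default']` index on the `data = json.loads(...)` line in the extractor.py half of this hunk is unconditional, so an acme.json without that top-level key, which is the layout the extractor.py.orig half reads, now fails with a KeyError before any certificate is processed. Consider falling back to the whole document when the key is absent, for example `raw.get('default', raw)`, and opening the file in a `with` block so the handle is closed. The file headers also show the diff was taken from extractor.py to extractor.py.orig, so the `***` side is the proposed code; regenerating it in the other direction would let it apply as a patch.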
***************
*** 108,120 ****
              fullchain = c['Certificate']['Certificate']
              sans = c['Domains']['SANs']
          elif acme_version == 2:
!             name = c['domain']['main']
!             privatekey = c['key']
!             fullchain = c['certificate']
!             if 'sans' in c['domain']:
!                 sans = c['domain']['sans']
!             else:
!                 sans = []

          if (args.include and name not in args.include) or (args.exclude and name in args.exclude):
              continue
--- 108,117 ----
              fullchain = c['Certificate']['Certificate']
              sans = c['Domains']['SANs']
          elif acme_version == 2:
!             name = c['Domain']['Main']
!             privatekey = c['Key']
!             fullchain = c['Certificate']
!             sans = c['Domain']['SANs']

          if (args.include and name not in args.include) or (args.exclude and name in args.exclude):
              continue
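Review bot: The `elif acme_version == 2:` branch in the extractor.py half now reads only the lowercase keys (`c['domain']['main']`, `c['key']`, `c['certificate']`), so a file that uses the capitalised `Domain`/`Key`/`Certificate` keys from the extractor.py.orig half together with an acme-v02 registration URI raises a KeyError. The key casing belongs to the storage file layout rather than to the ACME protocol version, so select on which keys are present in `c` instead of on `acme_version`. The `if 'sans' in c['domain']` / `else` pair can also be written as `c['domain'].get('sans', [])`.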

dwernerinformatica commented 4 years ago

However, even with this change the use in a dockerized environment seems not to work, as it does not recognize changes of acme.json on the Dockerhost. Also missing is an initial run, i.e. if an acme.json was already created, none of the keys are created unless a change of acme.json is detected.
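
One way to cover both points raised in the comment above, as an added example that is not code from the project: run the extraction once at startup, then poll acme.json by content digest instead of waiting for change notifications. The `on_change` callback stands in for the tool's extraction routine; the function names, the polling interval and `max_polls` are assumptions.

```python
import hashlib
import json
import time


def file_digest(path):
    """SHA-256 of the file content, or None if it is missing or not valid JSON yet."""
    try:
        # Opened by path on every poll, so a file replaced by rename is still read.
        with open(path, 'rb') as f:
            raw = f.read()
        json.loads(raw)  # a half-written file is skipped until it parses
    except (OSError, ValueError):
        return None
    return hashlib.sha256(raw).hexdigest()


def poll_once(path, last_digest, on_change):
    """Call on_change(path) when the content differs from last_digest.

    Returns the digest to remember for the next poll.
    """
    digest = file_digest(path)
    if digest is None or digest == last_digest:
        return last_digest
    on_change(path)
    return digest


def watch(path, on_change, interval=5.0, max_polls=None):
    """Extract once at startup, then poll. max_polls=None polls forever."""
    # Initial run: with no remembered digest, an existing file always triggers.
    last = poll_once(path, None, on_change)
    polls = 0
    while max_polls is None or polls < max_polls:
        time.sleep(interval)
        last = poll_once(path, last, on_change)
        polls += 1
    return last
```

Comparing digests rather than modification times means a rewrite with identical content does not trigger a second extraction of the private keys.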