search

auto-ssl / lua-resty-auto-ssl

On the fly (and free) SSL registration and renewal inside OpenResty/nginx with Let's Encrypt.
MIT License
1.93k stars 182 forks source link

Migrate letsencrypt certifcates on disk to lua-resty-open-ssl #282

Closed pttx1982 closed 1 year ago

pttx1982 commented 1 year ago

Hi there,

We have an existing setup with ~1k of certificates issued by letsencrypt on disk. We'd like to migrate these into a new setup using lua-resty-open-ssl. I'm not able to figure out where to place the previsously issued certificates on the new setup. I've tried the default dir (/etc/resty-auto-ssl/storage/file), using a new dir for each each domain containing the files generated previously. I suspect that either the location is incorrect, or the certificates need to be addressed in a separate file. W're using file-based storage.

Any suggestions are more then welcome!

aviatrix commented 1 year ago

The file name structure must be like this : 

domain.com:latest

and lua resty url encodes it as this on disk

domain.com%3Alatest

The structure of the file contents needs to be like this: 

{
    "fullchain_pem": "-----BEGIN CERTIFICATE-----\n<your pem here>\n-----END CERTIFICATE-----\n\nhttp:\/\/cert.int-x3.letsencrypt.org\/\n-----BEGIN CERTIFICATE-----\n<LE PEM HERE>\n-----END CERTIFICATE-----\n",
    "cert_pem": "-----BEGIN CERTIFICATE-----\n<pem here>\n-----END CERTIFICATE-----\n",
    "expiry": 1576772938,
    "privkey_pem": "-----BEGIN RSA PRIVATE KEY-----\n< private key here >\n-----END RSA PRIVATE KEY-----\n"
}

p.s. I would HIGHLY recommend against storing the certs on disk, and rather use Redis for this.

pttx1982 commented 1 year ago

Very helpful, thank you for sharing your insights!