search

ldez / traefik-certs-dumper

Dump ACME data from Traefik to certificates
Other
456 stars 30 forks source link

.pem capability #1

Closed Madseason41 closed 5 years ago

Madseason41 commented 5 years ago

Any chance you can add the ability to automatically create the .pem crt/key files?

ldez commented 5 years ago

What do you mean by "automatically"? Could you give a concrete use case?

Madseason41 commented 5 years ago

Forgive my lack of knowledge, I will do the best i can. I use a docker traefik image to handle getting the certs for a home website (homeassistant). For certain functions of the website to work, i need to point the program to the .pem files. As far as I know, it doesn't accept .key or .crt file extensions.

https://www.home-assistant.io/docs/ecosystem/certificates/tls_self_signed_certificate/

ldez commented 5 years ago

The certificate (.crt) and the key (.key) are already PEM encoded. Then it's just a file extension issue.

Madseason41 commented 5 years ago

I believe you are right. I guess I just need to change the extension.

https://stackoverflow.com/questions/991758/how-to-get-pem-file-from-key-and-crt-files

Also, the option to put the .pem files (and .crt .key) files in the same folder would be great, but I know that's being picky.

ldez commented 5 years ago

I will create an option to do that for you :wink:

Madseason41 commented 5 years ago

I will create an option to do that for you 😉

Thanks, you are awesome!

ldez commented 5 years ago

It's done :tada: (v1.1.0)

traefik-certs-dumper dump --dest="/home/your_user/.homeassistant/" --crt-ext=.pem --key-ext=.pem
Dump the content of the "acme.json" file from Traefik to certificates.

Usage:
  traefik-certs-dumper dump [flags]

Flags:
      --crt-ext string   The file extension of the generated certificates (default ".crt")
      --dest string      Path to store the dump content. (default "./dump")
  -h, --help             help for dump
      --key-ext string   The file extension of the generated private keys (default ".key")
      --source string    Path to 'acme.json' file. (default "./acme.json")
ldez commented 5 years ago

But certificates and keys are still in a different folder. I'm not sure if it's a good idea or not.

ldez commented 5 years ago

I added the option (v1.2.0):

traefik-certs-dumper dump --use-subdir=false --crt-ext=.pem --key-ext=.pem --dest="/home/your_user/.homeassistant/"
Dump the content of the "acme.json" file from Traefik to certificates.

Usage:
  traefik-certs-dumper dump [flags]

Flags:
      --crt-ext string   The file extension of the generated certificates. (default ".crt")
      --dest string      Path to store the dump content. (default "./dump")
  -h, --help             help for dump
      --key-ext string   The file extension of the generated private keys. (default ".key")
      --source string    Path to 'acme.json' file. (default "./acme.json")
      --use-subdir       Use separated directories for certificates and keys. (default true)
Madseason41 commented 5 years ago

But certificates and keys are still in a different folder. I'm not sure if it's a good idea or not.

You are correct. I tried both updated versions. With renaming the .key and .crt file and placing in same folder I believe one gets overwritten.

In the below link they rename to certificate.pem and privatekey.pem. So probably best to leave in separate folders or add option to rename. I am trying to check and make sure the .pem files work in separate folders. Will let you know soon. Thanks for the quick response.

https://www.home-assistant.io/docs/ecosystem/certificates/tls_self_signed_certificate/

ldez commented 5 years ago

I replaced --use-subdir by --domain-subdir. (v1.3.0)

traefik-certs-dumper dump --domain-subdir=true --crt-ext=.pem --key-ext=.pem --dest="/home/your_user/.homeassistant/"
Dump the content of the "acme.json" file from Traefik to certificates.

Usage:
  traefik-certs-dumper dump [flags]

Flags:
      --crt-ext string   The file extension of the generated certificates. (default ".crt")
      --dest string      Path to store the dump content. (default "./dump")
      --domain-subdir    Use domain as sub-directory.
  -h, --help             help for dump
      --key-ext string   The file extension of the generated private keys. (default ".key")
      --source string    Path to 'acme.json' file. (default "./acme.json")
ldez commented 5 years ago

v1.4.0

$ traefik-certs-dumper dump --domain-subdir=true --crt-ext=.pem --key-ext=.pem
dump
├──my.domain.com
│  ├──certificate.pem
│  └──privatekey.pem
└──private
   └──letsencrypt.key