mirror of
https://github.com/plantroon/acme.sh.git
synced 2024-12-22 21:21:42 +00:00
Merge pull request #1957 from pashinin/master
Write certs in Vault for Fabio load balancer
This commit is contained in:
commit
b54d6589c3
@ -296,3 +296,39 @@ You can then deploy the certificate as follows
|
|||||||
```sh
|
```sh
|
||||||
acme.sh --deploy -d www.mydomain.com --deploy-hook gitlab
|
acme.sh --deploy -d www.mydomain.com --deploy-hook gitlab
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## 12. Deploy your cert to Hashicorp Vault
|
||||||
|
|
||||||
|
```sh
|
||||||
|
export VAULT_PREFIX="acme"
|
||||||
|
```
|
||||||
|
|
||||||
|
You can then deploy the certificate as follows
|
||||||
|
|
||||||
|
```sh
|
||||||
|
acme.sh --deploy -d www.mydomain.com --deploy-hook vault_cli
|
||||||
|
```
|
||||||
|
|
||||||
|
Your certs will be saved in Vault using this structure:
|
||||||
|
|
||||||
|
```sh
|
||||||
|
vault write "${VAULT_PREFIX}/${domain}/cert.pem" value=@"..."
|
||||||
|
vault write "${VAULT_PREFIX}/${domain}/cert.key" value=@"..."
|
||||||
|
vault write "${VAULT_PREFIX}/${domain}/chain.pem" value=@"..."
|
||||||
|
vault write "${VAULT_PREFIX}/${domain}/fullchain.pem" value=@"..."
|
||||||
|
```
|
||||||
|
|
||||||
|
You might be using Fabio load balancer (which can get certs from
|
||||||
|
Vault). It needs a bit different structure of your certs in Vault. It
|
||||||
|
gets certs only from keys that were saved in `prefix/domain`, like this:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
vault write <PREFIX>/www.domain.com cert=@cert.pem key=@key.pem
|
||||||
|
```
|
||||||
|
|
||||||
|
If you want to save certs in Vault this way just set "FABIO" env
|
||||||
|
variable to anything (ex: "1") before running `acme.sh`:
|
||||||
|
|
||||||
|
```sh
|
||||||
|
export FABIO="1"
|
||||||
|
```
|
||||||
|
@ -49,9 +49,13 @@ vault_cli_deploy() {
|
|||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ -n "$FABIO" ]; then
|
||||||
|
$VAULT_CMD write "${VAULT_PREFIX}/${_cdomain}" cert=@"$_cfullchain" key=@"$_ckey" || return 1
|
||||||
|
else
|
||||||
$VAULT_CMD write "${VAULT_PREFIX}/${_cdomain}/cert.pem" value=@"$_ccert" || return 1
|
$VAULT_CMD write "${VAULT_PREFIX}/${_cdomain}/cert.pem" value=@"$_ccert" || return 1
|
||||||
$VAULT_CMD write "${VAULT_PREFIX}/${_cdomain}/cert.key" value=@"$_ckey" || return 1
|
$VAULT_CMD write "${VAULT_PREFIX}/${_cdomain}/cert.key" value=@"$_ckey" || return 1
|
||||||
$VAULT_CMD write "${VAULT_PREFIX}/${_cdomain}/chain.pem" value=@"$_cca" || return 1
|
$VAULT_CMD write "${VAULT_PREFIX}/${_cdomain}/chain.pem" value=@"$_cca" || return 1
|
||||||
$VAULT_CMD write "${VAULT_PREFIX}/${_cdomain}/fullchain.pem" value=@"$_cfullchain" || return 1
|
$VAULT_CMD write "${VAULT_PREFIX}/${_cdomain}/fullchain.pem" value=@"$_cfullchain" || return 1
|
||||||
|
fi
|
||||||
|
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user