Description
Quartermaster automates certificates obtention from letsencrypt.org via certbot AND provisions them to google cloud load balancers https proxys.
warning Don't make all your production system rely on this script. It may fail and is not fully-tested / production ready.
Details
The process is to use let's encrypt http challenge by publishing challenge tokens to a google cloud storage bucket using certbot.
The bucket will be behind a google cloud load balancer which will direct trafic from /.well-known/acme-challenge/* urls to the bucket.
If the domain point to the load balancer, Let's encrypt will then be able to validate the domains. The script also deploys the certificates files created using certbot to the google cloud load balancer https proxys using gcloud command line (because... no api is available right now).
Usage
Config file example:
module.exports = {
email: 'your.email@provider.ext',
bucket: 'your-gcloud-bucket',
// staging: true,
certificates: [
{
identifier: 'hubvisor',
domains: [ // domain names embedded in certificate
'my.domain.ext', 'some-other.domain.ext'
],
deploy: [ // gcloud proxy names
'my-https-proxy'
]
}
]
}
- Setup your gcloud load balancer to use a backend bucket dedicated to challenges:
- Configure your urlmap to point to your acme-challenge bucket when the url is
/.well-known/acme-challenge/*
TODO
- [ ] add hooks on completion (for example to send success / error mail)
- [ ] improve documentation with parameters
- [ ] more doc about the options
- [ ] doc about how to setup the machine / docker image
- [ ] fix quirks (dirtylist)