Skip to content
This repository was archived by the owner on Dec 17, 2020. It is now read-only.

SnowMB/traefik-certificate-extractor

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

33 Commits
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
LICENSE.md
LICENSE.md
 
 
README.md
README.md
 
 
extractor.py
extractor.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

Traefik Certificate Extractor

Forked from DanielHuisman/traefik-certificate-extractor

Tool to extract Let's Encrypt certificates from Traefik's ACME storage file. Can automatically restart containers using the docker API.

Installation

git clone https://github.com/snowmb/traefik-certificate-extractor cd traefik-certificate-extractor

Usage

usage: extractor.py [-h] [-c CERTIFICATE] [-d DIRECTORY] [-f] [-r] [--dry-run] [--include [INCLUDE [INCLUDE ...]] | --exclude [EXCLUDE [EXCLUDE ...]]] Extract traefik letsencrypt certificates. optional arguments: -h, --help show this help message and exit -c CERTIFICATE, --certificate CERTIFICATE file that contains the traefik certificates (default acme.json) -d DIRECTORY, --directory DIRECTORY output folder -f, --flat outputs all certificates into one folder -r, --restart_container uses the docker API to restart containers that are labeled accordingly --dry-run Don't write files and do not start docker containers.  --include [INCLUDE [INCLUDE ...]]  --exclude [EXCLUDE [EXCLUDE ...]]

Default file is ./data/acme.json. The output directories are ./certs and ./certs_flat.

Docker

There is a Docker image available for this tool: snowmb/traefik-certificate-extractor. Example run:

docker run --name extractor -d \ -v /opt/traefik:/app/data \ -v ./certs:/app/certs \ -v /var/run/docker.socket:/var/run/docker.sock \ snowmb/traefik-certificate-extractor -r

Mount the whole folder containing the traefik certificate file (acme.json) as /app/data. The extracted certificates are going to be written to /app/certs. The docker socket is used to find any containers with this label: com.github.SnowMB.traefik-certificate-extractor.restart_domain=<DOMAIN>. If the domains of an extracted certificate and the restart domain matches, the container is restarted. Multiple domains can be given seperated by ,.

You can easily use docker-compose to integrate this container into your setup:

... services: certs: image: snowmb/traefik-certificate-extractor volumes: - path/to/acme.json:/app/data/acme.json:ro - certs:/app/certs:rw - /var/run/docker.sock:/var/run/docker.sock command: -r --include example.com restart: always

Output

certs/ example.com/ cert.pem chain.pem fullchain.pem privkey.pem sub.example.nl/ cert.pem chain.pem fullchain.pem privkey.pem certs_flat/ example.com.crt example.com.key example.com.chain.pem sub.example.nl.crt sub.example.nl.key sub.example.nl.chain.pem

About

Tool to extract Let's Encrypt certificates from Traefik's ACME storage file.

Resources

Readme

License

MIT license
Activity

Stars

14 stars

Watchers

5 watching

Forks

8 forks
Report repository

Releases

6 tags

Packages

 
 
 

Contributors

Languages

  • Python 95.7%
  • Dockerfile 4.3%