ruhnet
/
leapi
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 2 Wiki Activity
Lets Encrypt certificate renewal API for server cluster and getssl.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
3 Branches
248 KiB
 
Tree: 9d8efe2120
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '9d8efe2120'
${ noResults }
 ZIP  TAR.GZ
Ruel Tmeizeh 9d8efe2120 Added license. 4 years ago
LICENSE Added license. 4 years ago
README.md Readme fixes. 4 years ago
go.mod Initial Commit - Version 1.0 4 years ago
go.sum Initial Commit - Version 1.0 4 years ago
leapi.service Some sync fixes, removed certificate verification on sync requests, added systemd service file, timeout increase, few other things. 4 years ago
leapi_config.json Various fixes, improvements. 4 years ago
main.go Various fixes, improvements. 4 years ago

README.md

LEAPI

LEAPI is a clustered server API system, written in Go, for managing Lets Encrypt certificate renewals.

LEAPI uses the excellent getssl Bash script for the actual renewal of certificates.

It can be used on a single server, but is particularly useful for clusters of servers, with many domains. You can use it standalone, for acquiring/renewing certificates for non web services, or with an external webserver like Nginx, Caddy, etc.

LEAPI operates in a multi-master configuration. When you add or delete a server or domain on any server, it automatically replicates the changes to all other servers, and renews your certificate. Replication is accomplished via HTTP.

Endpoints:

[GET] https://leapiserver.tld/api/servers --- List Servers

[PUT] https://leapiserver.tld/api/servers/web1.mydomain.com --- Add New Server

[GET] https://leapiserver.tld/api/domains --- List Domains

[POST] https://leapiserver.tld/api/domains/mycoolsite.com --- Add New Domain

[POST] https://leapiserver.tld/api/renew --- Force Renewal

[GET] https://leapiserver.tld/up --- Uptime Check

Install

  • Download the LEAPI binary, or build from source.
  • Copy it to /opt/leapi
  • You may use the included SystemD service file if you use a SystemD based distribution.
  • Edit the leapi_config.json file for your needs, leaving production set to false until setup is complete. Copy the config file to /opt/leapi or /etc.
  • Install getssl
curl --silent https://raw.githubusercontent.com/srvrco/getssl/latest/getssl > /opt/leapi/getssl ; chmod 700 /opt/leapi/getssl
  • Create the base config for getssl:
/opt/leapi/getssl -w /opt/leapi -c mycoolsite.com
  • Start LEAPI, either from the commandline or with systemctl start leapi
  • Add your servers via the LEAPI API: (You don't necessarily have to do this on the server itself.)
curl -X PUT http://localhost/api/servers/server1.mydomain.com -H 'Authorization: Bearer mySeCrEtKeY'
curl -X PUT http://localhost/api/servers/server2.mydomain.com -H 'Authorization: Bearer mySeCrEtKeY'
curl -X PUT http://localhost/api/servers/server3.mydomain.com -H 'Authorization: Bearer mySeCrEtKeY'
  • Add your domains via the LEAPI API:
curl -X PUT http://localhost/api/domains/mycoolsite.com -H 'Authorization: Bearer mySeCrEtKeY'
curl -X PUT http://localhost/api/domains/myothersite.com -H 'Authorization: Bearer mySeCrEtKeY'
  • Assuming there were no errors, edit your leapi_config.json file and change production to true.
  • Force a renewal via the API:
curl -X POST http://localhost/api/renew -H 'Authorization: Bearer mySeCrEtKeY'