letsencrypt/

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

Links

Open Source Insights

README ¶

Akeyless Let's Encrypt producer

This is a custom producer implementation that automates Let's Encrypt certificates via get-dynamic-secret-value operations.

Installation

Permissions

This producer must be deployed in AWS environment with sufficient permissions to access and modify Route 53 records. These permissions are required in order to solve DNS challenges presented by Let's Encrypt to prove that the caller has control over the requested domain name.

Using Docker image

Akeyless Let's Encrypt producer is available as a Docker image: akeyless/letsencrypt-producer. It exposes a single port :80 and is stateless.

Building from source

Clone this repository and build the binary using letsencrypt/bin/cmd package. Running the binary creates a web-server listening on port :80.

Configuration

This producer must be configured using the following environment variables:

Dry-run mode

While setting up an integration with this producer, Akeyless performs a "dry-run" session to make sure everything is configured properly. This mode doesn't do anything with Let's Encrypt. Instead, it returns an empty "Success" response immediately.

Production mode

`AKEYLESS_ACCESS_ID`

Each Akeyless API Gateway instance is associated with an Auth Method. Producers running in the same API Gateway use this Auth Method to communicate with Akeyless. In order to prove that the requests received by this producer were issued by an authorized producer, its access ID must be specified at deployment time. Access credentials issued by another access ID must not be accepted by this producer to prevent abuse.

`AKEYLESS_ITEM_NAME`

This is an optional variable that allows to specify the name of dynamic secret producer that is allowed to issue requests to this custom producer. For example, if a single API Gateway manages more than a single custom producer, a particular Let's Encrypt producer deployment may be limited to only one of them. This name should be the full item name, including the leading /.

`LE_EMAIL`

This is an optional variable to set a default email address to use to access Let's Encrypt. It will be used if no "email" sub-claim exists in the request.

Usage

This producer accepts the following arguments:

Field name	Description
`domain`	Required: A comma seperated domain list to issue in Let's Encrypt certificate. The first domain is used for the `CommonName` field of the certificate, all other domains are added using the `Subject Alternate Names` extension
`use_staging`	Use Let's Encrypt staging environment. Useful during testing or integration to avoid rate limits.

For example:

akeyless get-dynamic-secret-value \
    --name /letsencrypt \
    --profile saml-profile \
    --args='{"domain":"foo.example.com","use_staging":true}' \
    --timeout 300

Please make sure you don't exceed Let's Encrypt rate limits.

Directories ¶

Path	Synopsis
bin
cmd
lambda
internal
producer Package producer implements Let's Encrypt certificate automation using Akeyless Dynamic Secrets.	Package producer implements Let's Encrypt certificate automation using Akeyless Dynamic Secrets.
webhook Package webhook wraps Let's Encrypt custom producer with HTTP API.	Package webhook wraps Let's Encrypt custom producer with HTTP API.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL