Automatically provision a Linode Object Storage bucket with a Let's Encrypt certificate.
Requires Python 3.8+ with Cryptography and Requests.
pip install cryptography requests
This assumes you have already created an Object Storage Bucket
for a domain (e.g. my.bucket.domain) and configured a DNS
to point to the bucket.
The bucket name and DNS name must be identical.
-
Generate Let's Encrypt account key:
openssl genrsa 4096 > account_key.pem -
Create a Linode API Personal Access Token with Read/Write permission to Object Storage.
-
Provision a certificate for this bucket:
export LINODE_TOKEN=... python3 -m acme_linode_objectstorage -k account_key.pem my.bucket.domainThe Object Storage cluster can be specified with the
--clusterflag (default:us-east-1).If this is the first time running the script, you will also need to include the
--agree-to-terms-of-serviceflag to indicate agreement with the Let's Encrypt Terms of Service.
Certificates are typically valid for 90-days. This script should be re-run approximately 30-days prior to certificate expiration.
Licenced under the MIT License. See LICENSE for details.