Where are the Let's Encrypt Certificates?
AKnulp opened this issue · 2 comments
Hello Everyone.
I used to (mis)use the Certificates that I got from LE for my fritzbox webinterface and my IMAPS-Courier-Server.
(copied it together like
cat /etc/letsencrypt/live/domain.name/privkey.pem /etc/letsencrypt/live/domain.name/fullchain.pem > /etc/courier/imapd.pem
and
cat /etc/letsencrypt/live/domain.name/cert.pem /etc/letsencrypt/live/domain.name/chain.pem /etc/letsencrypt/live/domain.name/privkey.pem > fritzbox.pem
Now that I am happily using this Kubernetes All-in-one Solution with traefik responsible for getting the Certificates
I can't quite figure out where to get these to use the for fritzbox and Courier-Server.
For now I am so far as to assume that they might be in the landingpage container that I found/accessed via
kubectl get pods -o wide
kubectl exec -it landingpage-* -- /bin/sh
But no luck so far.
Any hints on how to tackle this Problem are really appreciated.
Traefik that is used to get and update the certificates here saves them in a single file acme.json (see team-setup/templates/ingress/04-deployment.yml). This file is placed in a persistent volume that has to be claimed by the pod through a persistent volume claim.
In the case of this simple single node deployment, the default storage class local-path is used, so it's easy to get to this file from the commandline. Look through the list of persistent volume claims for a one that looks like it is used to store the traefik certs or look through the traefik templates (hint: it's in 03-storage.yaml). Then ask for the local path of this storage:
PV=$(kubectl get -o json pvc traefik-cert | jq -r .spec.volumeName)
kubectl get -o json pv $PV | jq -r .spec.hostPath.pathjq is a very nice tool to get data from json in a script.
To get the certs from the acme.json file you could use a tool such as traefik-acme.
sorry, that it almost took a month to reply, but:
Works like a charm!
Thank You very much