A tool for managing LetsEncrypt certificates, focusing on Kubernetes and the Google Cloud platform.
- LetsEncryptIT
- That you are using CloudFlare as your DNS provider, as DNS is the assumed certificate authentication mechanism
- That you use the Google Cloud platform
- And the use of the built-in Google Cloud Load-balancer to "front" your Kubernetes cluster
As of 20190411
- Expand a LetsEncrypt certificate with one or more domains. See expanding a LetsEncrypt certificate
- Remove one or more domains from a LetsEncrypt certificate, shrinking it (shrinking is not verified LetsEncrypt terminology)
- Renew a LetsEncrypt certificate. See renewing a LetsEncrypt certificate
- List info on a LetsEncrypt certificate. See list information on a LetsEncrypt certificate
- Update a GCP (Google Cloud Platform) load-balancer with the LetsEncrypt cert stored on a GCP Kubernetes persistent disk. See this how-to
- Ensure that you have followed the pre-requisites document
- Refer to the links to documentation on this in the section above
- Ensure that you have followed the pre-requisites document
- Update the placeholders in the cronjob.yml file to contain real values
- The claimName property needs to be updated with the name of the persistent disk claim you made on GCP
Execute: kubectl apply -f ./kubernetes/deploys/cronjob.yml
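For orientation, a CronJob manifest of the general shape the steps above assume, showing where claimName sits. This is an added illustration, not the project's cronjob.yml; the resource names, image, schedule, mount path and the way gcp_project_proxy is supplied are placeholders or assumptions.

```yaml
# Illustrative only: not the project's kubernetes/deploys/cronjob.yml.
apiVersion: batch/v1
kind: CronJob
metadata:
  name: letsencryptit-renew                # assumed name
spec:
  schedule: "0 3 * * 1"                    # constructed: weekly, Monday 03:00
  concurrencyPolicy: Forbid                # never run two jobs against the same disk
  jobTemplate:
    spec:
      template:
        spec:
          restartPolicy: OnFailure
          containers:
            - name: letsencryptit
              image: <YOUR_REGISTRY>/<YOUR_IMAGE>:<TAG>   # placeholder
              env:
                # Assumption: set directly here; constants.py reads it
                # into TARGET_HTTPS_PROXY.
                - name: gcp_project_proxy
                  value: "<YOUR_TARGET_HTTPS_PROXY_NAME>"
              volumeMounts:
                - name: letsencrypt-data
                  # Assumption: certbot's default configuration directory.
                  mountPath: /etc/letsencrypt
          volumes:
            - name: letsencrypt-data
              persistentVolumeClaim:
                # The persistent disk claim you made on GCP.
                claimName: <YOUR_PVC_NAME>
```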
Their location: /LetsEncryptIT/docker/*
This Dockerfile was created because of this issue: in short, the official Certbot Docker image does not support Python v3+. This project uses code that is only compatible with Python v3+.
The image is basically a ripoff of the official Dockerfile found here
Basically, only the top-level line was changed: from FROM python:2-alpine3.9 to FROM python:3-alpine3.9
Consider this file a template which can be used for setting up a Kubernetes cronjob.
A Pod deployment to act as a CLI for interacting with the LetsEncryptIT tool, e.g. expanding a certificate, renewing and so forth.
- Remember to delete the letsencryptit-cli Pod after use, unless you want it running so that you can quickly use it and are okay with the resources it will be using (not many though)
- See Get info and debug LetsEncryptIT
- A look behind the scenes, on the inner workings of the LetsEncryptIT tool
- On LetsEncrypt
- On the Google Cloud load-balancer API
- Gathering the name of your GCP proxy. This can be a bit confusing, so I created a small how-to on this.
- The name is used for the TARGET_HTTPS_PROXY constant variable in the constants.py file; the constant gets its value from the gcp_project_proxy environment variable.