Doomsday is a server (and also a CLI) which can be configured to track certificates from different storage backends (Vault, Credhub, Pivotal Ops Manager, or actual websites) and provide a tidy view into when certificates will expire. Doomsday provides no automation for renewal - Doomsday simply provides the information required for maintainers to take action.
Create a configuration manifest and start the server against it with
doomsday server -m <pathtomanifest>
The manifest should be written in YAML. An example schema with documentation can be found at docs/ddayconfig.yml
You'll want to make a directory that has three files.
- A binary of doomsday for the correct operating system
- A doomsday server configuration manifest
- A cf application manifest for deploying doomsday
The binary can be found at the releases page for this Github repo.
An example manifest can be found at
docs/ddayconfig.yml. Omit the server.port
property
from the manifest. This will cause the server to look for the PORT
environment
variable for which port to have the API listen on (which is what CF wants).
The cf application manifest will probably look something like this,
assuming that your binary is called doomsday
, and your configuration
manifest is called doomsdayconf.yml
.
---
applications:
- name: doomsday
memory: 256M
instances: 1
command: ./doomsday server -m doomsdayconf.yml
buildpack: binary_buildpack
Then, if your cf app manifest is called manifest.yml
, run
cf push -f manifest.yml