bsyk/cf-letsencrypt

Name: cf-letsencrypt

Description: Let's Encrypt wrapper for Cloud-Foundry

Created: 2016-02-02 07:56:40.0

Updated: 2018-01-06 10:08:38.0

Pushed: 2017-01-25 21:18:52.0

Homepage: null

Size: 10

Language: Python

README

cf-letsencrypt

Let's Encrypt wrapper for Cloud-Foundry

Create certificates for your Cloud-Foundry-hosted apps and domains using Let's Encrypt.

Using the --path argument of the map-route command, you can direct just one path of a route to a separate app. The benefit here is that you can renew your certificates with zero downtime: the letsencrypt code runs in a separate instance and does not disrupt your application.

NAME:
   map-route - Add a url route to an app

USAGE:
   cf map-route APP_NAME DOMAIN [--hostname HOSTNAME] [--path PATH]

EXAMPLES:
   cf map-route my-app example.com                              # example.com
   cf map-route my-app example.com --hostname myhost            # myhost.example.com
   cf map-route my-app example.com --hostname myhost --path foo # myhost.example.com/foo

OPTIONS:
   --hostname, -n   Hostname for the route (required for shared domains)
   --path           Path for the route

First, you must have your cf CLI configured, your domains created, and DNS configured to point to your CF provider.

Once you have that, just edit the domains.yml file checked out from this repo and run python setup-app.py.

This will push the app and map all the routes needed for the automatic check that LetsEncrypt performs to verify that you own the domain. It maps host.domain/.well-known/acme-challenge to this app for each domain/host that you want to generate a certificate for.
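The route mapping described above can be sketched as follows. This is an added example, not code from this repo: the dict layout of the input and the function names are assumptions (it does not reproduce the domains.yml schema), and only the cf map-route flags shown in the help text above are used. Names are validated before they are placed in the argument list, so a host or domain value cannot be read by cf as an extra flag.

```python
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
ACME_PATH = ".well-known/acme-challenge"


def _valid_name(name):
    """True if every dot-separated label of `name` is a valid DNS label."""
    return (bool(name) and len(name) <= 253
            and all(_LABEL.fullmatch(part) for part in name.split(".")))


def acme_route_commands(app, hosts_by_domain):
    """Return one `cf map-route` argv list per host/domain pair.

    hosts_by_domain looks like {"example.com": ["", "www"]}, where ""
    means the bare domain. (Hypothetical layout, not domains.yml.)
    """
    commands, seen = [], set()
    for domain, hosts in hosts_by_domain.items():
        if not _valid_name(domain):
            raise ValueError(f"invalid domain: {domain!r}")
        for host in hosts:
            if host and not _valid_name(host):
                raise ValueError(f"invalid hostname: {host!r}")
            key = (host.lower(), domain.lower())
            if key in seen:  # DNS names are case-insensitive; skip repeats
                continue
            seen.add(key)
            argv = ["cf", "map-route", app, domain]
            if host:
                argv += ["--hostname", host]
            # Only the challenge path goes to the helper app; every other
            # path on the host keeps routing to the real application.
            argv += ["--path", ACME_PATH]
            commands.append(argv)
    return commands


if __name__ == "__main__":
    sample = {"example.com": ["", "www", "WWW"]}  # constructed sample input
    for argv in acme_route_commands("letsencrypt", sample):
        print(" ".join(argv))
```

Each returned list is meant to be passed to subprocess.run as an argument vector, without a shell.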

The LetsEncrypt client will sign the requests, go through the verification and fetch the signed certificates, which you can then retrieve with the cf files command.

Just watch the logs to see when the process has finished: cf logs letsencrypt

While you could leave the app running, it probably makes sense to stop it when you don't need it, and just start it up when you need to renew certificates or add another host/domain. By default it will keep running for 1 week, then kill itself. DEA will then try to restart it for you…


This work is supported by the National Institutes of Health's National Center for Advancing Translational Sciences, Grant Number U24TR002306. This work is solely the responsibility of the creators and does not necessarily represent the official views of the National Institutes of Health.