letsencrypt/

v1.0.0-letsencrypt
Published: Apr 6, 2021 License: AGPL-3.0

README

Akeyless Let's Encrypt producer

This is a custom producer implementation that automates Let's Encrypt certificates via get-dynamic-secret-value operations.

Installation

Permissions

This producer must be deployed in an AWS environment with sufficient permissions to read and modify Route 53 records. These permissions are required to solve the DNS challenges presented by Let's Encrypt, which prove that the caller controls the requested domain name.

Using Docker image

The Akeyless Let's Encrypt producer is available as a Docker image: akeyless/letsencrypt-producer. It exposes a single port, :80, and is stateless.

Building from source

Clone this repository and build the binary from the letsencrypt/bin/cmd package. Running the binary starts a web server listening on port :80.

Configuration

This producer must be configured using the following environment variables:

Dry-run mode

While setting up an integration with this producer, Akeyless performs a "dry-run" session to make sure everything is configured properly. The following environment variables must be set to support this operation:

LE_DRY_RUN_EMAIL

This email is used when generating a new certificate. Normally the email is taken from the "email" sub-claim of the requesting user, but in a dry-run there is no requesting user and therefore no email, so a pre-defined email must be used instead.

LE_DRY_RUN_DOMAIN

A test certificate is issued by Let's Encrypt for this domain name. Normally, the requesting user would specify the domain name to issue a certificate for.

Production mode

AKEYLESS_ACCESS_ID

Each Akeyless API Gateway instance is associated with an Auth Method. Producers running in the same API Gateway use this Auth Method to communicate with Akeyless. In order to prove that the requests received by this producer were issued by an authorized producer, its access ID must be specified at deployment time. Access credentials issued by another access ID must not be accepted by this producer to prevent abuse.

AKEYLESS_ITEM_NAME

This optional variable specifies the name of the dynamic secret producer that is allowed to issue requests to this custom producer. For example, if a single API Gateway manages more than one custom producer, a particular Let's Encrypt producer deployment can be limited to only one of them. The value must be the full item name, including the leading /.
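Taken together, these variables decide who may call the producer and what a dry-run falls back to. The program below is an added example written for this page, not code from the akeyless/letsencrypt-producer repository; the Request type and its fields are assumptions, since the page does not describe the webhook payload, and the sample values in the comments and tests are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"os"
)

// Config holds the environment variables the README documents.
type Config struct {
	DryRunEmail, DryRunDomain string // LE_DRY_RUN_EMAIL, LE_DRY_RUN_DOMAIN
	AccessID, ItemName        string // AKEYLESS_ACCESS_ID, AKEYLESS_ITEM_NAME (optional)
}
// Request is a hypothetical view of one get-dynamic-secret-value call; the real webhook payload is not on this page.
type Request struct {
	AccessID, ItemName string // caller's access ID and dynamic-secret item name
	Email, Domain      string // "email" sub-claim and requested domain, both empty in dry-run
	DryRun             bool
}
// LoadConfig reads the variables via getenv (injectable for tests); the access ID is mandatory.
func LoadConfig(getenv func(string) string) (Config, error) {
	c := Config{getenv("LE_DRY_RUN_EMAIL"), getenv("LE_DRY_RUN_DOMAIN"), getenv("AKEYLESS_ACCESS_ID"), getenv("AKEYLESS_ITEM_NAME")}
	if c.AccessID == "" {
		return c, errors.New("AKEYLESS_ACCESS_ID must be set")
	}
	return c, nil
}
// Authorize rejects any access ID but the configured one and, when AKEYLESS_ITEM_NAME is set, any other item.
func Authorize(c Config, r Request) error {
	if r.AccessID != c.AccessID {
		return fmt.Errorf("access ID %q is not authorized for this producer", r.AccessID)
	}
	if c.ItemName != "" && r.ItemName != c.ItemName {
		return fmt.Errorf("item %q may not use this producer", r.ItemName)
	}
	return nil
}
// OrderParams picks the account email and domain for the certificate order.
func OrderParams(c Config, r Request) (email, domain string, err error) {
	email, domain = r.Email, r.Domain
	if r.DryRun { // no requesting user, hence no "email" sub-claim: use the pre-defined pair
		email, domain = c.DryRunEmail, c.DryRunDomain
	}
	if email == "" || domain == "" {
		return "", "", fmt.Errorf("missing email or domain (dry-run=%v)", r.DryRun)
	}
	return email, domain, nil
}
func main() { fmt.Println(LoadConfig(os.Getenv)) } // stand-alone run: inspect the live environment
```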

Directories

Path Synopsis
bin/cmd
internal/producer Package producer implements Let's Encrypt certificate automation using Akeyless Dynamic Secrets.
internal/webhook Package webhook wraps Let's Encrypt custom producer with HTTP API.
