certmagic-admin

command

v1.87.1 Latest Latest Go to latest Published: Sep 27, 2024 License: AGPL-3.0 Imports: 17 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/storj/edge

Links

Open Source Insights

README ¶

certmagic-admin

This is a tool used to interact directly with certificates stored by CertMagic.

Install

$ go install storj.io/edge/cmd/certmagic-admin

Prerequisites

To run any commands you will need:

the certificate storage bucket name
the path to a service account key file with permissions to use Google's Cloud Storage

To run obtain, renew, or revoke you also need:

permissions for the Google Public CA and Cloud DNS
the project name where the DNS zone exists
the ACME accounts email address

Usage

Example command:

$ certmagic-admin --keyfile key.json --bucket certmagic_bucket cert show www.example.com

Debug logging can be enabled by using the --log.debug flag.

Commands

List Certificates

Lists all the certificates in storage grouped by issuer.

$ certmagic-admin --keyfile <keyfile> --bucket <bucket_name> cert list

Show Certificate

Show prints a certificate in storage. If there are multiple certificates with the same name the most recent is printed. You must specify --staging to see a certificate from a staging issuer.

$ certmagic-admin --keyfile <keyfile> --bucket <bucket_name> cert show [--staging] <name>

Obtain Certificate

Obtains and stores a certificate for a domain. If the certificate is already in storage this command has no effect. Wildcard certificates are allowed. Certificates with multiple SANs are not supported.

$ certmagic-admin --keyfile <keyfile> --bucket <bucket_name> cert obtain --dnsproject <project> --email <email> [--staging] [--gpublicca] [--letsencrypt] <name>

Renew Certificate

Renew and store a certificate. Specify --force to renew a certificate that is not close to expiring.

$ certmagic-admin --keyfile <keyfile> --bucket <bucket_name> cert renew --dnsproject <project> --email <email> [--staging] [--force] <name>

Revoke certificate

Revoke a certificate and delete it from storage. Disable the issuer that did not issue the certificate being revoked with --gpublicca=false or --letsencrypt=false. The email and ACME account must be the same as the one that issued the certificate. Valid reasons are: unspecified, keyCompromise, affiliationChanged, superseded, cessationOfOperation, priviledgeWithdrawn, aACompromise. A certificate revoked, but unable to fully clean up assets from issuer error message is expected and can be safely ignored.

$ certmagic-admin --keyfile <keyfile> --bucket <bucket_name> cert revoke --email <email> [--staging] [--gpublicca] [--letsencrypt] <name> <reason>

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

main.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL