certwrapper
certwrapper is a wrapper that requests and maintains a certificate from an ACME server (such as
Let's Encrypt), and then runs another program that will make use of it.
The certificate is refreshed before it is due to expire, and the underlying process is SIGHUP'd.
This is designed to be used by other services that accept PEM certificates but don't have their
own way of requesting ACME certificates; it's a bit nicer than having separate scripts to manage
the process, especially if you're running the service in a container.
Usage: certwrapper [options] /path/to/target [target options]

Certwrapper options:
  -acme-email string
        E-mail address to supply to the ACME server.
  -acme-endpoint string
        ACME endpoint to request certificates from. (default "https://acme-v02.api.letsencrypt.org/directory")
  -certificate-path string
        Path to save the certificate. (default "cert/certificate.pem")
  -dns-provider string
        DNS provider to use. See https://go-acme.github.io/lego/dns/.
  -domains string
        Comma-separated list of domains to request on the certificate.
  -issuer-path string
        Path to save the issuer's certificate. (default "cert/issuer.pem")
  -key-type string
        Type of private key to use when generating a certificate. (default "P384")
  -private-key-path string
        Path to save the private key. (default "cert/privatekey.pem")
  -user-path string
        Path to save user registration data. (default "cert/user.json")

acme-email, domains and dns-provider are required options. Everything else has sensible defaults.
The dns-provider option must be set to one of the providers supported by Lego.
Configuration for individual providers is done via environment variables, which are documented on the
Lego provider page.
certwrapper will connect the target binary's stdin, stderr and stdout to its own. It will also relay any
SIGINT, SIGTERM, SIGHUP, SIGUSR1 and SIGUSR2 signals to the child process.