Extract certificates from acme.json created by traefik.
Using traefik to do the work of certbot is good, but sometimes you have other services that need access to the certificate, this CLI tool extracts them out so you can use them outside of traefik.
Usage:
traefik-acme <domain> [flags]
Flags:
-a, --acme string Location of acme.json file (default "/etc/traefik/acme.json")
-c, --cert string Location to write out certificate (default "cert.pem")
-r, --certificate-resolver string Certificate Resovler name from traefik config (default "acme")
-d, --debug Debug output
--exit-code Exit with exit-code 99 if files updated
--force Force writing to file even if not updated
-h, --help help for traefik-acme
-k, --key string Location to write out key file (default "key.pem")
-v, --version version for traefik-acme
Running from command line, myresolver
is the name of the certificate resolver defined in your traefik configuration. Example from the documentation [certificatesResolvers.myresolver.acme]
would mean using myresolver
as the parameter.
traefik-acme -r myresolver -a /config/acme.json -c /etc/service/cert.pem -k /etc/service/key.pem servicename.domain.com
If you want to use it in a script (for cron)
traefik-acme --exit-code -r mycertresolver -a /config/acme.json -c /etc/service/cert.pem -k /etc/service/key.pem servicename.domain.com
if [ $? == 99 ]; then
systemctl reload service
fi
Running from command line.
traefik-acme -a /config/acme.json -c /etc/service/cert.pem -k /etc/service/key.pem servicename.domain.com
If you want to use it in a script (for cron)
traefik-acme --exit-code -a /config/acme.json -c /etc/service/cert.pem -k /etc/service/key.pem servicename.domain.com
if [ $? == 99 ]; then
systemctl reload service
fi
docker run --rm \
-v "/docker/traefik/config/:/input" \
-v "/docker/myservice/certs:/output" \
--workdir /output \
ghcr.io/na4ma4/traefik-acme:latest --acme "/input/acme.json" domain.example.com
The example expects the acme.json
to be in /docker/traefik/config
and to write the cert.pem
and key.pem
to /docker/myservice/certs
.
make test
ginkgo ./src/...