SSL and Keys automation

oneitonitram · April 27, 2022, 11:04am

I came accross the following Scripts for SSl Automation, i thought i would Share here with the community.

go-acme/lego: Let’s Encrypt/ACME client and library written in Go (github.com)
this works with dns providers.

acmesh-official/acme.sh: A pure Unix shell script implementing ACME client protocol (github.com)
This is an Acme protocal client, that interfaces with other CA systems.

I will tag this post Cloudflare Automation Scripts - Howto - NethServer Community

In relation to the Acme DNS here is another: JimDunphy/acme.sh (github.com) which handles automation of ssl to other servers.

This in addition to Acme-dns on Nethserver (now with RPM-y goodness!) - Howto - NethServer Community as posted by @danb35

SSH Key Authority GitHub - operasoftware/ssh-key-authority: A tool for managing SSH key access to any number of servers.

In my View, these could provide fantastic automation for NS8 with regard to NS being the defactor mother of managing ssl and keys for other servers. i have been doing alot of reading on keys and the likes, ill add more details here as time goes.

danb35 · April 27, 2022, 12:12pm

What problem(s) are you seeing any of these solving? In what way do you see “NS being the defacto[] mother of managing ssl and keys for other servers”? Because it seems to me that the situation where you’d obtain a cert on any machine other than the one that’s going to be using it, is (and should be) quite rare–and it’d also be quite unique, in that I’d expect any such solution to need to be custom-built to specific requirements.

But if that’s what you want to do, yeah, you’re going to need a client, and these are some of the hundreds that are out there. I’m no fan of certbot, but it seems like it should make the list too. But I wouldn’t trust Jim Dunphy’s four-year-old fork of acme.sh without a lot more clarity on his purpose for his fork and what makes it different than the original.

oneitonitram · April 27, 2022, 12:36pm

i am talking about general certs and keys. like additional being able to issue. Also, TLS and SSH keys, within NS, for other use cases, using available OSI
Like SmallStep CA and Certification Authority :: Certification Authority (CA) // Docs (platynum.gitlab.io)

Also, for owned CA management