需要手动执行一次,用以初始化配置文件,并依据《SSL证书获取脚本》进行配置填写
#! /bin/bash
#需要手动执行一次,用以初始化配置文件
# Domains to request certificates for; separate multiple names with spaces.
DOMAIN_NAMES='example.com *.example.com'
# E-mail address of the Cloudflare account.
EMAIL='example@example.com'
# Cloudflare Global API Key.
# NOTE(review): this key is account-wide and sits here in plain text, so keep
# this script readable by its owner only. certbot-dns-cloudflare also accepts a
# restricted API token (dns_cloudflare_api_token); switching to one would mean
# changing the credentials file this script writes.
APIKEY='XXXX'
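# First run (no ~/.get-ssl yet): create the working tree, write the Cloudflare
# credentials file and request one certificate per entry in DOMAIN_NAMES.
# Later runs (the directory exists): only renew what certbot already manages.
# NOTE(review): the directory is created before any certificate is issued, so a
# failed first run still sends every later run down the renew branch.
if [ ! -d "$HOME/.get-ssl" ]; then
  # The tree holds the Cloudflare key and the private keys: create it with
  # owner-only permissions instead of the default umask.
  (umask 077 && mkdir -p -- "$HOME/.get-ssl/secrets" "$HOME/.get-ssl/etc") || exit 1

  # Write the credentials file as 0600 and without echoing it: piping through
  # tee printed the API key to the terminal (and to any captured log).
  (
    umask 077
    cat >"$HOME/.get-ssl/secrets/cloudflare.ini" <<EOF
# Cloudflare API credentials used by Certbot
dns_cloudflare_email = $EMAIL
dns_cloudflare_api_key = $APIKEY
EOF
  ) || exit 1

  # Split the list on whitespace WITHOUT pathname expansion. An unquoted
  # $DOMAIN_NAMES lets "*.example.com" expand to matching file names in the
  # current directory. The list is expected on a single line.
  read -r -a domains <<<"$DOMAIN_NAMES"
  for var in "${domains[@]}"; do
    printf '%s\n' "************"
    printf '%s\n' "$var"
    printf '%s\n' "************"
    # certonly may prompt (terms of service, contact address), hence -it.
    docker run -it --rm --name certbot \
      -v "$HOME/.get-ssl/etc:/etc/letsencrypt" \
      -v "$HOME/.get-ssl/secrets:/.secrets" \
      certbot/dns-cloudflare certonly \
      --dns-cloudflare-credentials /.secrets/cloudflare.ini \
      --dns-cloudflare-propagation-seconds 60 \
      --server https://acme-v02.api.letsencrypt.org/directory \
      -d "$var"
  done
else
  # docker refuses -t when stdin is not a terminal, so only ask for an
  # interactive TTY when one is attached; this keeps unattended renewals
  # (cron, timers) from aborting.
  tty_flags=()
  if [ -t 0 ]; then
    tty_flags=(-it)
  fi
  docker run "${tty_flags[@]}" --rm --name certbot \
    -v "$HOME/.get-ssl/etc:/etc/letsencrypt" \
    -v "$HOME/.get-ssl/secrets:/.secrets" \
    certbot/dns-cloudflare renew
fi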
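# Publish the issued certificates as TLS secrets in the "default" namespace.
#
# The secret is updated in place (create --dry-run | apply) instead of
# delete-then-create: deleting first leaves the cluster without the secret if
# the create step fails, and the delete itself errors on the very first run.
# Requires a kubectl that supports --dry-run=client.
#
# Arguments: $1 - secret name
#            $2 - certbot lineage directory name under etc/live
# Returns:   non-zero if the certificate or key is unreadable or kubectl fails
update_tls_secret() {
  local secret_name=$1
  local lineage=$2
  local cert="$HOME/.get-ssl/etc/live/$lineage/fullchain.pem"
  local key="$HOME/.get-ssl/etc/live/$lineage/privkey.pem"

  # Never touch the existing secret when there is nothing valid to replace it.
  if [ ! -r "$cert" ] || [ ! -r "$key" ]; then
    printf 'secret %s not updated: cannot read %s or %s\n' \
      "$secret_name" "$cert" "$key" >&2
    return 1
  fi

  kubectl create secret tls "$secret_name" -n default \
    --cert="$cert" --key="$key" \
    --dry-run=client -o yaml \
    | kubectl apply -f -
}

update_tls_secret example.com example.com
# NOTE(review): "example.com-0001" is the lineage name this script expects for
# the wildcard certificate; confirm it against the directories under etc/live.
update_tls_secret all.example.com example.com-0001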