# CertPusher Automated SSL certificate distribution tool for deploying certificates to multiple remote servers via SSH/SCP. ## Features - **Multi-server deployment**: Deploy certificates to unlimited number of servers - **Smart certificate comparison**: Checks if remote certificate needs updating via HTTPS - **Flexible SSH authentication**: Global or per-host SSH key configuration - **Post-deployment commands**: Execute commands after certificate upload (reload services, etc.) - **Comprehensive logging**: Debug-level logging with timestamped log files - **Safe execution**: Compares certificates before uploading to avoid unnecessary restarts ## Installation git clone https://github.com/yourusername/certpusher.git cd certpusher pip install -r requirements.txt ## Configuration 1. Copy the example configuration: cp config.ini.example config.ini 2. Edit `config.ini` with your server details: ### Global Section - `source_cert_path`: Path to the SSL certificate to distribute - `default_ssh_key`: Default SSH private key path ### Host Sections Each host requires: - `hostname`: IP address or hostname - `port`: SSH port (default: 22) - `username`: SSH username - `remote_cert_path`: Destination path for the certificate - `post_upload_command`: Command to run after upload (optional) - `check_url`: HTTPS URL to check current certificate (optional) - `ssh_key_path`: Override default SSH key (optional) ## Usage python certpusher.py config.ini ## SSH Key Setup Generate SSH key for authentication: ssh-keygen -t ed25519 -f ~/.ssh/certpusher_key ssh-copy-id -i ~/.ssh/certpusher_key.pub user@remote-host 2025-10-26 22:00:00 - CertPusher - INFO - ============================================================ 2025-10-26 22:00:00 - CertPusher - INFO - CertPusher - SSL Certificate Distribution Tool 2025-10-26 22:00:00 - CertPusher - INFO - ============================================================ 2025-10-26 22:00:01 - CertPusher - INFO - Processing host: webserver1 2025-10-26 22:00:02 - CertPusher - INFO - ✓ Successfully processed webserver1 ## Security Considerations - Store SSH private keys securely with proper permissions (chmod 600) - Use dedicated SSH keys for certificate deployment - Limit SSH key access with `authorized_keys` restrictions - Consider using SSH certificates for enhanced security - Rotate SSH keys regularly ## License MIT License