# CertPusher

Automated SSL certificate distribution tool for deploying certificates to multiple remote servers via SSH/SCP.

## Features

- **Multi-server deployment**: Deploy certificates to any number of servers
- **Smart certificate comparison**: Checks over HTTPS whether the remote certificate needs updating
- **Flexible SSH authentication**: Global or per-host SSH key configuration
- **Post-deployment commands**: Execute commands after certificate upload (reload services, etc.)
- **Comprehensive logging**: Debug-level logging with timestamped log files
- **Safe execution**: Compares certificates before uploading to avoid unnecessary restarts

## Installation

```bash
git clone https://github.com/yourusername/certpusher.git
cd certpusher
pip install -r requirements.txt
```

## Configuration

1. Copy the example configuration:

   ```bash
   cp config.ini.example config.ini
   ```

2. Edit `config.ini` with your server details:

### Global Section

- `source_cert_path`: Path to the SSL certificate to distribute
- `default_ssh_key`: Default SSH private key path

### Host Sections

Each host requires:

- `hostname`: IP address or hostname
- `port`: SSH port (default: 22)
- `username`: SSH username
- `remote_cert_path`: Destination path for the certificate
- `post_upload_command`: Command to run after upload (optional)
- `check_url`: HTTPS URL to check current certificate (optional)
- `ssh_key_path`: Override default SSH key (optional)

## Usage

```bash
python certpusher.py config.ini
```

## SSH Key Setup

Generate an SSH key for authentication and install the public key on each remote host:

```bash
ssh-keygen -t ed25519 -f ~/.ssh/certpusher_key
ssh-copy-id -i ~/.ssh/certpusher_key.pub user@remote-host
```

Example log output:

```text
2025-10-26 22:00:00 - CertPusher - INFO - ============================================================
2025-10-26 22:00:00 - CertPusher - INFO - CertPusher - SSL Certificate Distribution Tool
2025-10-26 22:00:00 - CertPusher - INFO - ============================================================
2025-10-26 22:00:01 - CertPusher - INFO - Processing host: webserver1
2025-10-26 22:00:02 - CertPusher - INFO - ✓ Successfully processed webserver1
```

## Security Considerations

- Store SSH private keys securely with proper permissions (chmod 600)
- Use dedicated SSH keys for certificate deployment
- Limit SSH key access with `authorized_keys` restrictions
- Consider using SSH certificates for enhanced security
- Rotate SSH keys regularly

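
A pre-flight check for the key-permission item above, added here as an example and not part of CertPusher's own code: it reads `config.ini`, resolves the key each host would use (`ssh_key_path`, falling back to `default_ssh_key`), and reports key files that are missing, not owned by the current user, or accessible to group/other. The `[global]` section name and the function names are assumptions.

```python
import configparser
import os
import stat
import sys

GLOBAL_SECTION = "global"  # assumed name of the README's "Global Section"

def key_for_host(cfg, host):
    """Per-host ssh_key_path overrides the global default_ssh_key."""
    return (cfg.get(host, "ssh_key_path", fallback=None)
            or cfg.get(GLOBAL_SECTION, "default_ssh_key", fallback=None))

def audit_key(path):
    """Return a list of problems found with one private key file."""
    try:
        st = os.stat(os.path.expanduser(path))
    except OSError as exc:
        return [f"cannot stat key ({exc.strerror})"]
    problems = []
    if not stat.S_ISREG(st.st_mode):
        problems.append("not a regular file")
    if st.st_mode & 0o077:  # any group/other permission bit set
        problems.append(f"mode {stat.S_IMODE(st.st_mode):04o}, expected 0600")
    if hasattr(os, "getuid") and st.st_uid != os.getuid():
        problems.append(f"owned by uid {st.st_uid}, not the current user")
    return problems

def audit_config(config_path):
    """Map each host section to the key problems that affect it."""
    # interpolation=None: values such as post_upload_command may contain '%'
    cfg = configparser.ConfigParser(interpolation=None)
    if not cfg.read(config_path):
        raise FileNotFoundError(config_path)
    findings = {}
    for host in cfg.sections():
        if host == GLOBAL_SECTION:
            continue
        key = key_for_host(cfg, host)
        problems = audit_key(key) if key else ["no ssh_key_path or default_ssh_key"]
        if problems:
            findings[host] = [f"{key or '<unset>'}: {p}" for p in problems]
    return findings

if __name__ == "__main__":
    report = audit_config(sys.argv[1] if len(sys.argv) > 1 else "config.ini")
    for host, problems in report.items():
        for problem in problems:
            print(f"{host}: {problem}")
    sys.exit(1 if report else 0)
```

Run it before `python certpusher.py config.ini`; a non-zero exit status means at least one host's key needs attention.
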
## License

MIT License