gru/certpusher
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4fc21ff6357968047d4cf537fd37c62f8d928e82
certpusher/README.md
Mateusz Gruszczyński ff578b7fad first commit
2025-10-26 22:47:38 +01:00

2.3 KiB
Raw Blame History

CertPusher

Automated SSL certificate distribution tool for deploying certificates to multiple remote servers via SSH/SCP.

Features

  • Multi-server deployment: Deploy certificates to unlimited number of servers
  • Smart certificate comparison: Checks if remote certificate needs updating via HTTPS
  • Flexible SSH authentication: Global or per-host SSH key configuration
  • Post-deployment commands: Execute commands after certificate upload (reload services, etc.)
  • Comprehensive logging: Debug-level logging with timestamped log files
  • Safe execution: Compares certificates before uploading to avoid unnecessary restarts

Installation

git clone https://github.com/yourusername/certpusher.git cd certpusher pip install -r requirements.txt

Configuration

  1. Copy the example configuration:

cp config.ini.example config.ini

  1. Edit config.ini with your server details:

Global Section

  • source_cert_path: Path to the SSL certificate to distribute
  • default_ssh_key: Default SSH private key path

Host Sections

Each host requires:

  • hostname: IP address or hostname
  • port: SSH port (default: 22)
  • username: SSH username
  • remote_cert_path: Destination path for the certificate
  • post_upload_command: Command to run after upload (optional)
  • check_url: HTTPS URL to check current certificate (optional)
  • ssh_key_path: Override default SSH key (optional)

Usage

python certpusher.py config.ini

SSH Key Setup

Generate SSH key for authentication:

ssh-keygen -t ed25519 -f ~/.ssh/certpusher_key

ssh-copy-id -i ~/.ssh/certpusher_key.pub user@remote-host

2025-10-26 22:00:00 - CertPusher - INFO - ============================================================ 2025-10-26 22:00:00 - CertPusher - INFO - CertPusher - SSL Certificate Distribution Tool 2025-10-26 22:00:00 - CertPusher - INFO - ============================================================ 2025-10-26 22:00:01 - CertPusher - INFO - Processing host: webserver1 2025-10-26 22:00:02 - CertPusher - INFO - ✓ Successfully processed webserver1

Security Considerations

  • Store SSH private keys securely with proper permissions (chmod 600)
  • Use dedicated SSH keys for certificate deployment
  • Limit SSH key access with authorized_keys restrictions
  • Consider using SSH certificates for enhanced security
  • Rotate SSH keys regularly

License

MIT License

Reference in New Issue View Git Blame Copy Permalink