gru/certpusher
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ff578b7fad97036148aa43992441ed4654ce9d44
certpusher/README.md
Mateusz Gruszczyński ff578b7fad first commit
2025-10-26 22:47:38 +01:00

73 lines
2.3 KiB
Markdown
Raw Blame History

# CertPusher
Automated SSL certificate distribution tool for deploying certificates to multiple remote servers via SSH/SCP.
## Features
- **Multi-server deployment**: Deploy certificates to unlimited number of servers
- **Smart certificate comparison**: Checks if remote certificate needs updating via HTTPS
- **Flexible SSH authentication**: Global or per-host SSH key configuration
- **Post-deployment commands**: Execute commands after certificate upload (reload services, etc.)
- **Comprehensive logging**: Debug-level logging with timestamped log files
- **Safe execution**: Compares certificates before uploading to avoid unnecessary restarts
## Installation
git clone https://github.com/yourusername/certpusher.git
cd certpusher
pip install -r requirements.txt
## Configuration
1. Copy the example configuration:
cp config.ini.example config.ini
2. Edit `config.ini` with your server details:
### Global Section
- `source_cert_path`: Path to the SSL certificate to distribute
- `default_ssh_key`: Default SSH private key path
### Host Sections
Each host requires:
- `hostname`: IP address or hostname
- `port`: SSH port (default: 22)
- `username`: SSH username
- `remote_cert_path`: Destination path for the certificate
- `post_upload_command`: Command to run after upload (optional)
- `check_url`: HTTPS URL to check current certificate (optional)
- `ssh_key_path`: Override default SSH key (optional)
## Usage
python certpusher.py config.ini
## SSH Key Setup
Generate SSH key for authentication:
ssh-keygen -t ed25519 -f ~/.ssh/certpusher_key
ssh-copy-id -i ~/.ssh/certpusher_key.pub user@remote-host
2025-10-26 22:00:00 - CertPusher - INFO - ============================================================
2025-10-26 22:00:00 - CertPusher - INFO - CertPusher - SSL Certificate Distribution Tool
2025-10-26 22:00:00 - CertPusher - INFO - ============================================================
2025-10-26 22:00:01 - CertPusher - INFO - Processing host: webserver1
2025-10-26 22:00:02 - CertPusher - INFO - ✓ Successfully processed webserver1
## Security Considerations
- Store SSH private keys securely with proper permissions (chmod 600)
- Use dedicated SSH keys for certificate deployment
- Limit SSH key access with `authorized_keys` restrictions
- Consider using SSH certificates for enhanced security
- Rotate SSH keys regularly
## License
MIT License
Reference in New Issue View Git Blame Copy Permalink