Skip to content
/ acai Public

This program installs LetsEncrypt SSL certificates into Acquia environments.

License

GPL-3.0 license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Bixal/acai

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
acai
acai
 
 
debian
debian
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

ACAI - Acquia Cert Automatic Installer

This program installs LetsEncrypt SSL certificates into Acquia environments.

Requirements

This program requires Python 3.x and the Python Acquia Cloud API v2 library with the SSL management patch applied.

Configuration

The program looks in /etc/acai.conf and ~/.acai.conf for environment definitions. The config files are in INI format. Each environment is its own section in the config file, and the DEFAULT section provides global values that can be overridden in a section.

Example:

[DEFAULT]
acquia_environment=prod
api_key=a26a25ad-69fb-4348-a7ac-bdd0a60849af
api_secret=TW9zdCBzZWN1cmUgcGFzc3dvcmQgaXMgPGVudGVyPi4=
application=7eff4747-4733-4070-9002-353c1dcdd090

[my-app.dev]
cert_name=myapp.bxdev.net
acquia_environment=dev

[my-app.stage]
cert_name=myapp.bxstage.net
acquia_environment=test

[another-app.prod]
application=7eff4747-4733-4070-9002-353c1dcdd090
api_key=070bdfe5-d106-40b0-a110-4882d8929669
api_secret=VmFjaGVzIGJsZXVlcyBsZSBtYXRpbiwgY2jDqXJpZS4=
cert_name=stage.another-app.com
acquia_environment=prod

  • The INI section name (e.g., my-app.dev) is only used by the acai.py app, and does not need to map to anything at Acquia or the site's hostname.

  • The api_key and api_secret are generated in your Acquia account. See the Acquia documentation for details.

  • The cert_name is the directory /etc/letsencrypt/live/[cert_name] that contains the cert, key, and chain.

  • The application is the Application UUID. You can find this by logging into Acquia Cloud and clicking "Product Keys" on the left. It is also in the URL for your dashboard: https://cloud.acquia.com/a/applications/[application-uuid]/.

  • The acquia_environment is the name of the environment at Acquia, typically one of dev, test, prod or ra.

  • The /etc/acai.conf and ~/.acai.conf files should have restrictive permissions.

Usage

With the environments defined, the certs can be installed by running:

# acai.py my-app.dev

It doesn't have to run as root. It needs to be able to read the letsencrypt certs (typically owned by root) and the /etc/acai.conf file to fetch the Acquia API creds.

This can be set up as a renewal hook triggered by certbot by editing the /etc/letsencrypt/renew/[cert_name].conf and adding a renew_hook to the [renewalparams] section.

[renewalparams]
renew_hook = /usr/bin/acai.py my-app.dev

About

This program installs LetsEncrypt SSL certificates into Acquia environments.

Resources

Readme

License

GPL-3.0 license
Activity
Custom properties

Stars

0 stars

Watchers

9 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published