Automate Let's Encrypt certificate issuance, renewal and synchronize with CleverCloud (or any API-drivable hosting service).
Let's automate allows you to create Let's Encrypt certificates and publish them to Clever Cloud with automatic renewal (or any API-drivable hosting service if you want to contribute). Let's automate needs an OVH account in order to create DNS records to perform the Let's Encrypt DNS challenge. Let's automate is also integrated with Slack so all the events may be published to a dedicated topic.
Let's Automate is integrated with Otoroshi (only used for authentication), OVH, Clever Cloud and Slack. For the moment there is no other providers available. If you need this tool with any other DNS provider or hosting provider your contributions are welcome!
git clone https://github.com/MAIF/lets-automate.git
cd javascript
yarn install
yarn build
cd ..
gradlew shadowJar
The jar file is located in the folder build/libs/letsautomate-shadow.jar
First you need to get a token to access ovh apis
https://docs.ovh.com/gb/en/customer/first-steps-with-ovh-api/
curl -XPOST -H "X-Ovh-Application: YOUR_APPLICATION_ID" -H "Content-type: application/json" \
https://eu.api.ovh.com/1.0/auth/credential -d '{
"accessRules": [
{
"method": "GET",
"path": "/*"
},
{
"method": "POST",
"path": "/*"
},
{
"method": "PUT",
"path": "/*"
},
{
"method": "DELETE",
"path": "/*"
}
],
"redirection":"https://localhost:8080"
}' --include
HTTP/1.1 200 OK
Date: Mon, 25 Jun 2018 08:57:43 GMT
Server: Apache
X-OVH-QUERYID: FR.ws-3.5b30ae87.26037.1707
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Transfer-Encoding: chunked
Content-Type: application/json; charset=utf-8
{"validationUrl":"https://eu.api.ovh.com/auth/?credentialToken=A_CREDENTIAL_TOKEN","consumerKey":"A_CONSUMER_KEY","state":"pendingValidation"}%
Then go to the validation url and log in.
Set the consumer key, your application id and secret in the configuration file.
System Property | Env variable | Default |
---|---|---|
env | ENV | dev |
http.port | HTTP_PORT | 8080 |
http.host | HTTP_HOST | 0.0.0.0 |
logout | LOGOUT_URL | |
certificates.pollingInterval.period | LETSENCRYPT_POLLING_PERIOD | 5 |
certificates.pollingInterval.unit | LETSENCRYPT_POLLING_UNIT | HOUR |
ovh.applicationKey | OVH_APPLICATION_KEY | |
ovh.applicationSecret | OVH_APPLICATION_SECRET | |
ovh.consumerKey | OVH_CONSUMER_KEY | |
ovh.host | OVH_HOST | https://api.ovh.com |
letsencrypt.server | LETSENCRYPT_SERVER | acme://letsencrypt.org/staging |
letsencrypt.accountId | LETSENCRYPT_ACCOUNT_ID | account |
postgres.host | POSTGRESQL_ADDON_HOST | localhost |
postgres.port | POSTGRESQL_ADDON_PORT | 5432 |
postgres.database | POSTGRESQL_ADDON_DB | lets_automate |
postgres.username | POSTGRESQL_ADDON_USER | default_user |
postgres.password | POSTGRESQL_ADDON_PASSWORD | password |
clevercloud.host | CLEVER_HOST | https://api.clever-cloud.com/ |
clevercloud.consumerKey | CLEVER_CONSUMER_KEY | |
clevercloud.consumerSecret | CLEVER_CONSUMER_SECRET | |
clevercloud.clientToken | CLEVER_CLIENT_TOKEN | |
clevercloud.clientSecret | CLEVER_CLIENT_SECRET | |
otoroshi.headerRequestId | FILTER_REQUEST_ID_HEADER_NAME | |
otoroshi.headerGatewayStateResp | FILTER_GATEWAY_STATE_RESP_HEADER_NAME | |
otoroshi.headerGatewayState | FILTER_GATEWAY_STATE_HEADER_NAME | |
otoroshi.headerClaim | FILTER_CLAIM_HEADER_NAME | |
otoroshi.sharedKey | CLAIM_SHAREDKEY | |
otoroshi.issuer | OTOROSHI_ISSUER | |
slack.token | SLACK_TOKEN | |
slack.channel | SLACK_CHANNEL | |
slack.url | SLACK_URL | https://slack.com/api |
java -jar letsautomate-shadow.jar \
-Denv=prod \
-Dovh.applicationKey=xxxx \
-Dovh.applicationSecret=xxxx \
-Dovh.consumerKey=xxxx \
-Dletsencrypt.server=acme://letsencrypt.org \
-Dclevercloud.consumerKey=xxxx \
-Dclevercloud.consumerSecret=xxxx \
-Dclevercloud.clientToken=xxxx \
-Dclevercloud.clientSecret=xxxx \
-Dslack.token=xxxx \
-Dslack.channel=xxxx
First create a postgresql add on.
Then create a java app and set the following env variables :
APP_ENV=prod
CACHE_DEPENDENCIES=true
CC_PRE_BUILD_HOOK=./clevercloud/hook.sh
CLEVER_CLIENT_SECRET=xxxx
CLEVER_CLIENT_TOKEN=xxxx
CLEVER_CONSUMER_KEY=xxxx
CLEVER_CONSUMER_SECRET=xxxx
CLEVER_HOST=https://api.clever-cloud.com
ENV=prod
JAVA_VERSION=8
LETSENCRYPT_ACCOUNT_ID=account
LETSENCRYPT_POLLING_PERIOD=1
LETSENCRYPT_POLLING_UNIT=HOURS
LETSENCRYPT_SERVER=acme://letsencrypt.org
OVH_APPLICATION_KEY=xxxx
OVH_APPLICATION_SECRET=xxxx
OVH_CONSUMER_KEY=xxxx
OVH_HOST=https://api.ovh.com
PORT=8080
SLACK_CHANNEL=xxxx
SLACK_TOKEN=xoxb-xxx
docker-compose up
OVH_APPLICATION_KEY=xxxx OVH_APPLICATION_SECRET=xxxx OVH_CONSUMER_KEY=xxxx ./gradlew run -P env=dev
cd javascript
yarn install
yarn start