This is a basic script that helps to automate most parts of a certificate request from the Encryption Everywhere service (DigiCert) via CertCenter.
This script requires manual DNS record creation. If you're using AWS Route 53, see certcenter-r53-cert-request for a completely automated solution.
What it does:
- Checks the domain against CertCenter for eligibility
- Requests domain validation challenge (TXT record)
- Presents TXT record value and waits for user confirmation
- Tests public DNS for TXT record presence
- Submits the CSR for signing
- Dumps out the signed cert with chain
Create a file named 'config' (no extension) with the contents below and fill in the appropriate values.
[CertCenter]
client_id =
client_secret =
product_code = AlwaysOnSSL.AlwaysOnSSL
cert_validity_period = 365
request_cert.py -f/--fqdn <subject-fqdn> -c/--csr <csr-filename> [-v/--validity <days>]
Required Arguments:
--fqdn / -f: The FQDN from the CN--c / -c: the filename of the CSR
Optional Arguments:
--days / -d: override validity from config file (1-365)--verbose / -v: verbose logging
request_cert.py --fqdn=host.domain.com --csr=host.csr
request_cert.py -f host.domain.com -c host.csr
- Fixed token caching
- Fixed an issue where the root certificate and extra blank lines were included in the chained output due to an undocumented change by DigiCert
- Initial release
This repo is licensed under the MIT License - see the LICENSE file for details
Author: @timcappalli