certmanager

command

v0.5.0 Latest Latest Go to latest Published: Feb 17, 2023 License: Apache-2.0 Imports: 20 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/Cloud-Foundations/golib

Links

Open Source Insights

README ¶

certmanager

X.509 Web Certificate Manager.

The certmanager issues requests and periodic renewals for X.509 certificates suitable for Web (HTTPS) services. It is a simple wrapper around the certmanager package. This package supports using remote locks and secrets managers so that a cluster of Web servers may safely request and share a public certificate, without exhausting certificate request quotas.

It may be used for debugging code and configuration as well as run as a standard system daemon to provide certificates for a Web server (i.e. Apache). In the latter case it provides some of the features of certbot however it is simpler to configure and has the above mentioned capabilities to safely request certificates for a cluster of Web servers.

Status page

The certmanager provides a web interface on port 6940 which shows a status page, links to built-in dashboards and access to performance metrics and logs. If certmanager is running on host myhost then the URL of the main status page is http://myhost:6940/.

Configuration

Configuration is performed using command-line flags. There are many command-line flags which may change the behaviour of certmanager but many have defaults which should be adequate for most deployments. Built-in help is available with the command:

certmanager -h

The /etc/certmanager/flags.default and /etc/certmanager/flags.extra are read at startup (in that order), overriding built-in defaults. Options given on the command-line are processed last (and take precedence).

Debugging (command-line) mode

In this mode you may prefer to receive logs on the standard error and not write to a logfile. The following options are recommended:

-alsoLogToStderr=true -logDir=

Note that even in debugging mode, certmanager will run until interrupted, requesting new certificates periodically (about every 60 days).

Daemon (server) mode

By default certmanager will request testing certificates which are not trusted. This default is intended to prevent the accidental exhaustion of certificate request quota (5 per FQDN per week with Let's Encrypt). Once you are confident of your configuration, use the following option:

-production=true

Restarting a service

If you are running certmanager to provide certificates for a Web server such as Apache, use the following option:

-notifierCommand='service apache reload'

Redirecting HTTP to HTTPS

If you wish to redirect HTTP requests to the HTTPS Web server, use the following option:

-redirect=true

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL