mirror of
https://github.com/SnowMB/traefik-certificate-extractor.git
synced 2025-09-18 21:24:31 +08:00
Compare commits
6 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
97e71b2b5c | ||
|
|
7842e09181 | ||
|
|
9701cb9219 | ||
|
|
d94604591e | ||
|
|
0f77fa2960 | ||
|
|
6aa38b7a93 |
1
.gitignore
vendored
1
.gitignore
vendored
@@ -1,4 +1,5 @@
|
||||
certs/
|
||||
certs_flat/
|
||||
data/
|
||||
|
||||
# Python ignores
|
||||
|
||||
@@ -15,4 +15,4 @@ RUN pip3 install -r requirements.txt
|
||||
COPY . /app
|
||||
|
||||
# Define entrypoint of the app
|
||||
ENTRYPOINT ["python3", "extractor.py"]
|
||||
ENTRYPOINT ["python3", "-u", "extractor.py"]
|
||||
|
||||
15
README.md
15
README.md
@@ -5,6 +5,7 @@ Tool to extract Let's Encrypt certificates from Traefik's ACME storage file.
|
||||
## Installation
|
||||
```
|
||||
git clone https://github.com/DanielHuisman/traefik-certificate-extractor
|
||||
cd traefik-certificate-extractor
|
||||
```
|
||||
|
||||
## Usage
|
||||
@@ -13,6 +14,13 @@ python3 extractor.py [directory]
|
||||
```
|
||||
Default directory is `./data`. The output directory is `./certs`.
|
||||
|
||||
## Docker
|
||||
There is a Docker image available for this tool: [danielhuisman/traefik-certificate-extractor](https://hub.docker.com/r/danielhuisman/traefik-certificate-extractor/).
|
||||
Example run:
|
||||
```
|
||||
docker run --name extractor -d -v /srv/extractor/data:/app/data -v /srv/extractor/certs:/app/certs danielhuisman/traefik-certificate-extractor
|
||||
```
|
||||
|
||||
## Output
|
||||
```
|
||||
certs/
|
||||
@@ -26,4 +34,11 @@ certs/
|
||||
chain.pem
|
||||
fullchain.pem
|
||||
privkey.pem
|
||||
certs_flat/
|
||||
example.com.crt
|
||||
example.com.key
|
||||
example.com.chain.pem
|
||||
sub.example.nl.crt
|
||||
sub.example.nl.key
|
||||
sub.example.nl.chain.pem
|
||||
```
|
||||
|
||||
55
extractor.py
55
extractor.py
@@ -21,19 +21,38 @@ class Handler(FileSystemEventHandler):
|
||||
|
||||
# Read JSON file
|
||||
data = json.loads(open(event.src_path).read())
|
||||
certs = data['DomainsCertificate']['Certs']
|
||||
|
||||
# Determine ACME version
|
||||
acme_version = 2 if 'acme-v02' in data['Account']['Registration']['uri'] else 1
|
||||
|
||||
# Find certificates
|
||||
if acme_version == 1:
|
||||
certs = data['DomainsCertificate']['Certs']
|
||||
elif acme_version == 2:
|
||||
certs = data['Certificates']
|
||||
|
||||
# Loop over all certificates
|
||||
for c in certs:
|
||||
if acme_version == 1:
|
||||
name = c['Certificate']['Domain']
|
||||
privatekey = c['Certificate']['PrivateKey']
|
||||
fullchain = c['Certificate']['Certificate']
|
||||
sans = c['Domains']['SANs']
|
||||
elif acme_version == 2:
|
||||
name = c['Domain']['Main']
|
||||
privatekey = c['Key']
|
||||
fullchain = c['Certificate']
|
||||
sans = c['Domains']['SANs']
|
||||
|
||||
# Decode private key, certificate and chain
|
||||
privatekey = b64decode(c['Certificate']['PrivateKey']).decode('utf-8')
|
||||
fullchain = b64decode(c['Certificate']['Certificate']).decode('utf-8')
|
||||
privatekey = b64decode(privatekey).decode('utf-8')
|
||||
fullchain = b64decode(fullchain).decode('utf-8')
|
||||
start = fullchain.find('-----BEGIN CERTIFICATE-----', 1)
|
||||
cert = fullchain[0:start]
|
||||
chain = fullchain[start:]
|
||||
|
||||
# Create domain directory if it doesn't exist
|
||||
directory = 'certs/' + c['Certificate']['Domain'] + '/'
|
||||
directory = 'certs/' + name + '/'
|
||||
try:
|
||||
os.makedirs(directory)
|
||||
except OSError as error:
|
||||
@@ -53,18 +72,42 @@ class Handler(FileSystemEventHandler):
|
||||
with open(directory + 'fullchain.pem', 'w') as f:
|
||||
f.write(fullchain)
|
||||
|
||||
print('Extracted certificate for: ' + c['Domains']['Main'] + (', ' + ', '.join(c['Domains']['SANs']) if c['Domains']['SANs'] else ''))
|
||||
# Write private key, certificate and chain to flat files
|
||||
directory = 'certs_flat/'
|
||||
|
||||
with open(directory + name + '.key', 'w') as f:
|
||||
f.write(privatekey)
|
||||
with open(directory + name + '.crt', 'w') as f:
|
||||
f.write(fullchain)
|
||||
with open(directory + name + '.chain.pem', 'w') as f:
|
||||
f.write(chain)
|
||||
|
||||
if sans:
|
||||
for name in sans:
|
||||
with open(directory + name + '.key', 'w') as f:
|
||||
f.write(privatekey)
|
||||
with open(directory + name + '.crt', 'w') as f:
|
||||
f.write(fullchain)
|
||||
with open(directory + name + '.chain.pem', 'w') as f:
|
||||
f.write(chain)
|
||||
|
||||
print('Extracted certificate for: ' + name + (', ' + ', '.join(sans) if sans else ''))
|
||||
|
||||
if __name__ == "__main__":
|
||||
# Determine path to watch
|
||||
path = sys.argv[1] if len(sys.argv) > 1 else './data'
|
||||
|
||||
# Create output directory if it doesn't exist
|
||||
# Create output directories if it doesn't exist
|
||||
try:
|
||||
os.makedirs('certs')
|
||||
except OSError as error:
|
||||
if error.errno != errno.EEXIST:
|
||||
raise
|
||||
try:
|
||||
os.makedirs('certs_flat')
|
||||
except OSError as error:
|
||||
if error.errno != errno.EEXIST:
|
||||
raise
|
||||
|
||||
# Create event handler and observer
|
||||
event_handler = Handler()
|
||||
|
||||
Reference in New Issue
Block a user