mirror of
https://github.com/SnowMB/traefik-certificate-extractor.git
synced 2025-01-19 06:19:33 +08:00
55 lines
1.7 KiB
Markdown
55 lines
1.7 KiB
Markdown
# Traefik Certificate Extractor
|
|
|
|
Forked from [DanielHuisman/traefik-certificate-extractor](https://github.com/DanielHuisman/traefik-certificate-extractor)
|
|
|
|
Tool to extract Let's Encrypt certificates from Traefik's ACME storage file. Can automatically restart containers using the docker API.
|
|
|
|
## Installation
|
|
```
|
|
git clone https://github.com/snowmb/traefik-certificate-extractor
|
|
cd traefik-certificate-extractor
|
|
```
|
|
|
|
## Usage
|
|
```
|
|
python3 extractor.py [FILE]
|
|
```
|
|
Default file is `./data/acme.json`. The output directories are `./certs` and `./certs_flat`.
|
|
|
|
## Docker
|
|
There is a Docker image available for this tool: [snowmb/traefik-certificate-extractor](https://hub.docker.com/r/snowmb/traefik-certificate-extractor/).
|
|
Example run:
|
|
```
|
|
docker run --name extractor -d \
|
|
-v /opt/traefik:/app/data \
|
|
-v ./certs:/app/certs \
|
|
-v /var/run/docker.socket:/var/run/docker.socket \
|
|
snowmb/traefik-certificate-extractor
|
|
```
|
|
Mount the whole folder containing the traefik certificate file as `/app/data`. The extracted certificates are going to be written to `/app/certs`.
|
|
The docker socket is used to find any containers with this label: `com.github.SnowMB.traefik-certificate-extractor.restart_domain=<DOMAIN>`.
|
|
If the domains of an extracted certificate and the restart domain matches, the container is restarted. Multiple domains can be given seperated by `,`.
|
|
|
|
|
|
## Output
|
|
```
|
|
certs/
|
|
example.com/
|
|
cert.pem
|
|
chain.pem
|
|
fullchain.pem
|
|
privkey.pem
|
|
sub.example.nl/
|
|
cert.pem
|
|
chain.pem
|
|
fullchain.pem
|
|
privkey.pem
|
|
certs_flat/
|
|
example.com.crt
|
|
example.com.key
|
|
example.com.chain.pem
|
|
sub.example.nl.crt
|
|
sub.example.nl.key
|
|
sub.example.nl.chain.pem
|
|
```
|