Created
November 18, 2019 01:39
-
-
Save Tugzrida/49623bb6d93be53633e06895021ec17a to your computer and use it in GitHub Desktop.
Automatically acknowledge Certbot renewals on Cert Spotter
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python | |
# v0.1 Created by Tugzrida(https://gist.github.com/Tugzrida) | |
# Dependencies: python, requests | |
# Add your Cert Spotter API key below, then save this script to | |
# /etc/letsencrypt/renewal-hooks/deploy/certspotter_acknowledge with execute permissions. | |
# Any certificates renewed by this instance of Certbot will then be automatically | |
# marked as acknowledged on Cert Spotter to reduce notifications for legitimate | |
# certificates. New certificates will not be acknowledged, as Certbot hooks only | |
# run on renewal, however this is probably the desired behaviour anyway. | |
# Your Cert Spotter API key (https://sslmate.com/account/api_credentials) | |
API_KEY="YOUR_KEY" | |
from os import environ, path | |
from requests import post | |
certPath = path.join(environ['RENEWED_LINEAGE'], 'cert.pem') | |
print("Sending contents of {} to Cert Spotter to whitelist".format(certPath)) | |
with open(certPath) as cert: | |
post("https://sslmate.com/api/v3/monitoring/known_certs", data=cert.read(), headers={'Content-Type': 'application/x-pem-file', 'Authorization': 'Bearer ' + API_KEY}) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment