@danicuki
Last active May 26, 2020 14:33
Update GCP Certificate using Let's Encrypt

Setup

mkdir -p certbot/certificates
mkdir certbot/logs
cd certbot

New Certificate

docker pull certbot/certbot && docker run --rm -it --name certbot \
  -v `pwd`/certificates:/etc/letsencrypt \
  -v `pwd`/logs:/var/lib/letsencrypt \
  certbot/certbot:latest \
  certonly \
  --manual \
  -d "*.pravaler.com.br" \
  -d pravaler.com.br \
  --preferred-challenges dns \
  --agree-tos \
  --manual-public-ip-logging-ok

Note

You may need to update the TXT record _acme-challenge.pravaler.com.br in our DNS with the values printed by the command above.

To check the current record: host -t TXT _acme-challenge.pravaler.com.br.

To update this record, click here.
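
Because the request covers both `*.pravaler.com.br` and `pravaler.com.br`, certbot prints two challenge values, and both must be published under the same `_acme-challenge` name at the same time. The following is an added example, not part of the original gist: a hypothetical helper, `check_acme_txt`, that reads `host -t TXT` output and confirms every expected value is present before you let certbot continue. The sample output and values are constructed.

```shell
#!/bin/sh
# Added example (not from the original gist); check_acme_txt is a hypothetical helper.
# Real use:
#   host -t TXT _acme-challenge.pravaler.com.br. | check_acme_txt VALUE1 VALUE2
# Reads `host -t TXT` output on stdin; each argument is one challenge value
# printed by certbot. Returns 0 only if every value is currently published.

check_acme_txt() {
  # Extract the quoted string from lines such as:
  #   _acme-challenge.example.com descriptive text "VALUE"
  published=$(sed -n 's/^.* descriptive text "\(.*\)"$/\1/p')
  missing=0
  for want in "$@"; do
    if printf '%s\n' "$published" | grep -Fxq -- "$want"; then
      echo "ok       $want"
    else
      echo "MISSING  $want"
      missing=$((missing + 1))
    fi
  done
  # Values left over from earlier runs do not break validation,
  # but they should be cleaned out of the zone afterwards.
  printf '%s\n' "$published" | while IFS= read -r have; do
    stale=1
    for want in "$@"; do
      if [ "$have" = "$want" ]; then stale=0; fi
    done
    if [ -n "$have" ] && [ "$stale" -eq 1 ]; then echo "stale    $have"; fi
  done
  [ "$missing" -eq 0 ]
}

# Constructed sample of `host -t TXT` output (made-up values, example.com name).
sample='_acme-challenge.example.com descriptive text "constructed-value-one"
_acme-challenge.example.com descriptive text "constructed-value-old"'

# Only one of the two expected values is published, so the check fails.
printf '%s\n' "$sample" \
  | check_acme_txt "constructed-value-one" "constructed-value-two" \
  || echo "not ready: publish the missing value(s) before continuing in certbot"
```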

Upload certificate to Google Cloud

certificate=letsencrypt-`date "+%Y-%m-%d"`

gcloud compute ssl-certificates create $certificate \
  --certificate=`pwd`/certificates/live/pravaler.com.br/fullchain.pem \
  --private-key=`pwd`/certificates/live/pravaler.com.br/privkey.pem

gcloud compute target-https-proxies update <lb1-name> \
  --ssl-certificates $certificate

gcloud compute target-https-proxies update <lb2-name> \
  --ssl-certificates $certificate

kubectl patch ing cluster1 -p \
  "{\"metadata\":{\"annotations\":{\"ingress.gcp.kubernetes.io/pre-shared-cert\":\"$certificate\"}}}"

kubectl patch ing cluster2 -p \
  "{\"metadata\":{\"annotations\":{\"ingress.gcp.kubernetes.io/pre-shared-cert\":\"$certificate\"}}}"