Skip to content

Instantly share code, notes, and snippets.

@peterc
Created December 12, 2020 01:52
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save peterc/3808c3ba2d161f5df70fe8857c398035 to your computer and use it in GitHub Desktop.
Save peterc/3808c3ba2d161f5df70fe8857c398035 to your computer and use it in GitHub Desktop.
Copy a TLS certificate and private key from DNSimple to Linode Object Storage
# dnsimple_ssl_to_linode_object_storage.rb
# Copy a certificate stored on DNSimple to Linode Object Storage
#
# Depends on 'http' gem
#
# Requires environment settings as such:
# LINODE_TOKEN=[API token]
# LINODE_REGION=[region of your object storage bucket]
# DNSIMPLE_TOKEN=[API token]
# DNSIMPLE_DOMAIN=example.com
# LINODE_DOMAIN=bucket.example.com
# DNSIMPLE_ID=[account ID, usually a number]
# CERTIFICATE_ID=[get from the end of the URL
# when you hover over the cert in the DNSimple admin!]
require 'json'
require 'http'
# Fetch TLS certificates and private key from DNSimple
res = HTTP["Content-Type" => "application/json", "Authorization" => "Bearer #{ENV['DNSIMPLE_TOKEN']}"].get("https://api.dnsimple.com/v2/#{ENV['DNSIMPLE_ID']}/domains/#{ENV['DNSIMPLE_DOMAIN']}/certificates/#{ENV['CERTIFICATE_ID']}/download")
raise "Failed to get certificate" unless res.code == 200
certs = JSON.parse(res.body.to_s)['data']
cert = certs['server'] + certs['chain'].join("\n")
res = HTTP["Content-Type" => "application/json", "Authorization" => "Bearer #{ENV['DNSIMPLE_TOKEN']}"].get("https://api.dnsimple.com/v2/#{ENV['DNSIMPLE_ID']}/domains/#{ENV['DNSIMPLE_DOMAIN']}/certificates/#{ENV['CERTIFICATE_ID']}/private_key")
raise "Failed to get private key" unless res.code == 200
pkey = JSON.parse(res.body.to_s)['data']['private_key']
# Delete existing SSL certificate on Linode Object Storage, if any
res = HTTP["Content-Type" => "application/json", "Authorization" => "Bearer #{ENV['LINODE_TOKEN']}"].delete("https://api.linode.com/v4/object-storage/buckets/#{ENV['LINODE_REGION']}/#{ENV['LINODE_DOMAIN']}/ssl")
raise "Couldn't delete existing certificate" unless res.code == 200
# Upload SSL certificate to Linode Object Storage
res = HTTP["Content-Type" => "application/json", "Authorization" => "Bearer #{ENV['LINODE_TOKEN']}"].post("https://api.linode.com/v4/object-storage/buckets/#{ENV['LINODE_REGION']}/#{ENV['LINODE_DOMAIN']}/ssl", json: {"certificate" => cert, "private_key" => pkey})
raise "Couldn't upload certificate" unless res.code == 200
puts res.body.to_s
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment