
@teecee1
Forked from anthonyraymond/acme-cert-dump-all.py
Last active May 6, 2020 11:04
Dump all certificates from Traefik's acme.json to .pem and .key files (traefik 2.0 with letsencrypt)
#!/usr/bin/env python
import argparse
import base64
import json
import os
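def main():
    """Dump every certificate and private key found in an acme.json file.

    Command-line arguments:
        acme_json: path to Traefik's acme.json file.
        dest_dir:  existing directory that receives one ``.pem`` and one
                   ``.key`` file per domain.

    dest_dir ends up holding private keys, so it should itself be readable
    only by the account that needs them.
    """
    parser = argparse.ArgumentParser(
        description="Dump all certificates out of Traefik's acme.json file")
    parser.add_argument('acme_json', help='path to the acme.json file')
    parser.add_argument('dest_dir',
                        help='path to the directory to store the certificate')
    args = parser.parse_args()

    certs = read_certs(args.acme_json)
    # read_certs() stores two entries per domain (certificate and key), so the
    # domain count is half the dict size. Floor division keeps it an integer
    # on Python 3 as well as Python 2.
    print('Found certs for %d domains' % (len(certs) // 2,))
    for domain, cert in certs.items():
        # Only the dict key is printed here, never the certificate or key bytes.
        print('Writing cert for domain %s' % (domain,))
        write_cert(args.dest_dir, domain, cert)
    print('Done')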
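def write_cert(storage_dir, domain, cert_content):
    """Write one certificate or private key into storage_dir.

    Args:
        storage_dir: existing directory that receives the file.
        domain: dict key produced by read_certs(). A key ending in 'key' is
            treated as a private key and written to '<domain>.key'; any other
            key is treated as a certificate and written to '<domain>.pem'.
        cert_content: bytes to write.

    Raises:
        ValueError: if the resulting file name would leave storage_dir.

    The file is created with mode 0o600 and switched to its final mode before
    any content is written, so a private key is never on disk with looser
    permissions. (The original passed 0o660 as the third argument of open(),
    which is the buffer size, not a file mode, so the key was created under
    the process umask and only tightened after it had been written.)
    """
    # '<>' is Python 2 only; '==' / '!=' work on both Python 2 and 3.
    # NOTE(review): the 'key' suffix convention means a certificate whose
    # domain itself ends in 'key' would be handled as a private key.
    is_key = domain[-3:] == 'key'
    if is_key:
        file_name = '%s.key' % (domain[:-3],)
        file_mode = 0o600
    else:
        file_name = '%s.pem' % (domain,)
        # NOTE(review): 0o666 leaves the certificate writable by every local
        # user; 0o644 is enough for a file that only needs to be read.
        file_mode = 0o666

    # The name comes from the JSON file; refuse anything that contains a path
    # component so the write cannot land outside storage_dir.
    if os.path.basename(file_name) != file_name:
        raise ValueError('unsafe domain name in acme.json: %r' % (domain,))

    cert_path = os.path.join(storage_dir, file_name)
    fd = os.open(cert_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, 'wb') as cert_file:
        # Set the mode first: a pre-existing file keeps its old permissions
        # through os.open(), so tighten it before the key bytes are written.
        os.chmod(cert_path, file_mode)
        cert_file.write(cert_content)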
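def read_certs(acme_json_path):
    """Load certificates and private keys from a Traefik acme.json file.

    Args:
        acme_json_path: path to the acme.json file.

    Returns:
        A dict with two entries per domain: ``certs[domain]`` holds the
        decoded certificate and ``certs[domain + 'key']`` the decoded private
        key, both as returned by to_pem_data().

    The resolver name 'myresolver' is hard-coded; a file written for a
    differently named resolver raises KeyError. Entries are keyed only by
    ``domain.main``, so a later entry with the same main domain is skipped
    and reported as a double domain.

    The returned dict contains private key material; do not print or log its
    values.
    """
    with open(acme_json_path) as acme_json_file:
        acme_json = json.load(acme_json_file)

    # 'Certificates' can be null in the JSON (for example when nothing has
    # been issued yet); treat that as an empty list instead of failing on
    # iteration over None.
    certs_json = acme_json['myresolver']['Certificates'] or []

    certs = {}
    for cert in certs_json:
        domain = cert['domain']['main']
        # Only get the first cert (should be the most recent)
        if domain in certs:
            print("***** double domain: %s " % (domain,))
            continue
        print("domain: %s " % (domain,))
        certs[domain] = to_pem_data(cert, 'certificate')
        certs[domain + 'key'] = to_pem_data(cert, 'key')
    return certs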
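def to_pem_data(json_cert, cert_key):
    """Base64-decode one field of a certificate entry.

    Args:
        json_cert: one element of the 'Certificates' list from acme.json.
        cert_key: name of the field to decode, 'certificate' or 'key'.

    Returns:
        The decoded bytes (presumably PEM text as stored by Traefik; this
        function does not check the content).
    """
    # The original wrapped this in b''.join(...). On Python 2 that rebuilt the
    # same string character by character; on Python 3 iterating bytes yields
    # ints and join() raises TypeError. The decoded value is already complete.
    return base64.b64decode(json_cert[cert_key])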
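# Run the dump only when executed as a script, not when imported.
if __name__ == '__main__':
    main()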

teecee1 commented May 6, 2020

Divided into two files for each domain:
a) .key with 0o600
b) .pem with 0o666
