Created
February 15, 2017 21:05
Generate and output Let's Encrypt certificate for Zappa project
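# Generate a Let's Encrypt certificate for one stage of a Zappa project and
# write the certificate body, private key and chain to a single output file.
#
# Usage: <script> <project_directory> <stage> <output_filename>
#
# The output file contains the domain's private key in plain text, so it is
# created with owner-only permissions (0600).

import os
import sys
from shutil import copyfile

from zappa.cli import ZappaCLI
from zappa.util import parse_s3_url
from zappa import letsencrypt

# get command line arguments
if len(sys.argv) != 4:
    sys.exit('usage: %s <project_directory> <stage> <output_filename>'
             % sys.argv[0])
directory, stage, output_filename = sys.argv[1:]

# change working directory so Zappa loads the project's own settings;
# remember the original one because a relative output_filename is resolved
# against it further down
owd = os.getcwd()
os.chdir(directory)

# initialize zappa instance
cli = ZappaCLI()
cli.api_stage = stage
zappa_instance = cli.load_settings()
zappa_instance.lambda_name = cli.lambda_name

# get settings
domain = cli.stage_config.get('domain')
account_key_location = cli.stage_config.get('lets_encrypt_key')

# Explicit checks rather than `assert`: assertions are stripped under
# `python -O`, which would let a missing setting through to the ACME calls.
if not domain:
    sys.exit("stage '%s' has no 'domain' setting" % stage)
if not account_key_location:
    sys.exit("stage '%s' has no 'lets_encrypt_key' setting" % stage)

# NOTE(review): this script exchanges files with zappa.letsencrypt through
# fixed names under /tmp (account.key, domain.key, signed.crt,
# intermediate.pem). Fixed /tmp names are predictable to other local users,
# so run it on a single-user host; confirm the permissions the helpers set.
try:
    # prepare let's encrypt key
    if account_key_location.startswith('s3://'):
        bucket, key_name = parse_s3_url(account_key_location)
        zappa_instance.s3_client.download_file(
            bucket, key_name, '/tmp/account.key')
    else:
        copyfile(account_key_location, '/tmp/account.key')

    print('Getting certificate for ' + domain + '..')

    # get the certificate
    letsencrypt.create_domain_key()
    letsencrypt.create_domain_csr(domain)
    letsencrypt.get_cert(zappa_instance)
    letsencrypt.create_chained_certificate()

    with open('/tmp/signed.crt') as f:
        certificate_body = f.read()
    with open('/tmp/domain.key') as f:
        certificate_private_key = f.read()
    with open('/tmp/intermediate.pem') as f:
        certificate_chain = f.read()
finally:
    # Run cleanup on failure as well, so key material is not left behind in
    # /tmp when a step above raises.
    # NOTE(review): presumably cleanup() tolerates files that were never
    # created; confirm against the installed zappa version.
    letsencrypt.cleanup()

# output the certificate
os.chdir(owd)

# Create the file with mode 0600 instead of the umask default: it holds the
# private key.
fd = os.open(output_filename, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
with os.fdopen(fd, 'w') as f:
    # The mode passed to os.open() only applies when the file is created;
    # tighten a pre-existing file before any key material is written to it.
    if hasattr(os, 'fchmod'):
        os.fchmod(f.fileno(), 0o600)

    f.write('# Certificate body\n\n')
    f.write(certificate_body + '\n')
    f.write('# Certificate private key\n\n')
    f.write(certificate_private_key + '\n')
    f.write('# Certificate chain\n\n')
    f.write(certificate_chain + '\n')

print('Certificate generated!')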