Skip to content
/ Certiply Public

PowerShell cmdlets and TFS/VSTS build/release extension for ordering Let's Encrypt certificates

License

MIT license
7 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

NiknakSi/Certiply

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
Certiply
Certiply
 
 
docs
docs
 
 
tests
tests
 
 
.gitignore
.gitignore
 
 
Certiply.sln
Certiply.sln
 
 
LICENSE
LICENSE
 
 

Repository files navigation

Certiply

The goal for this project is to allow for Let's Encrypt certificate ordering directly from a TFS/VSTS/Azure DevOps build or release definition. To achieve this I've used the certes ACME client and wrapped it with enough extra logic and safety to drive it with some simple PowerShell cmdlets.

It's written in C# using .NET Standard 2.0 and runs using PowerShell 6 (Core) on Windows, Linux, and Mac, or 5.1 on Windows. There are no releases yet so you'll need to build it yourself for now.

Only DNS validation is supported and eventually Certiply will support automatic record creation using Azure DNS Zones.

Usage

Certiply has a concept of a 'certificate manager' which is basically just somewhere that your Let's Encrypt account and subsequent orders are held. Currently there is only a local file system based cert manager, but I have plans for cert managers that use Azure Key Vault and SQL Server. This is important for sharing account keys between multiple build agents.

  1. Compile the code
  2. Import the module into a PowerShell session
Import-Module /Users/simonh/Documents/Source/GitHub/NiknakSi/Certiply/Certiply/bin/Debug/netstandard2.0/publish/Certiply.dll
  1. Create a new certificate manager object
$certManager = New-FileSystemCertManager -StorageRoot /Users/simonh/Desktop/Certiply -CreatePath
  1. Create a new Certiply configuration object. Note that in this example I'm specifying the staging URL for Let's Encrypt, but by default the production URL will be used. Inspect the New-CertiplyConfig cmdlet for more configuration settings.
$config = New-CertiplyConfig -CertManager $certManager -AccountEmail example@example.com -LetsEncryptServerUrl https://acme-staging-v02.api.letsencrypt.org/directory
  1. Create a new order and retrieve the DNS validation details
$validationRecords = New-LetsEncryptOrder -Configuration $config -Domains @('test5.niknak.org','*.test5.niknak.org')
  1. Action the DNS validation records manually
  2. Resume the order to complete the process
Resume-LetsEncryptOrder -Configuration $config
  1. Inspect the contents of the $certManager object or the file system specified for the .pem files.

PowerShell demo PowerShell demo output

If you would prefer you an also use Invoke-NewLetsEncryptOrder to do an interactive order, whereby the cmdlet will simply wait for the DNS records to appear before continuing with validation. This is handy for testing but does not represent how orders will be placed by a build/release extension.

Todo

Lots!

  • Support for cancellation tokens - Done
  • Document the cmdlets
  • Creation of simple TFS/VSTS extension
  • Use a DNS zone in Azure for the DNS validation records
  • Create additional cert managers to allow the same account to be used across build agents
  • Refactoring and tidying up
  • Better documentation
  • Publish the extension on the VSTS Marketplace

About

PowerShell cmdlets and TFS/VSTS build/release extension for ordering Let's Encrypt certificates

Topics

letsencrypt powershell vsts

Resources

Readme

License

MIT license
Activity

Stars

7 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages