Update renew with force flag.

Clean old certificates in volumes on start.
Mariano Cano 2018-11-20 16:47:08 -08:00
parent f7154a9ba3
commit 0d4f96c1d9
3 changed files with 14 additions and 12 deletions


@ -5,7 +5,6 @@ binaries:
GOOS=linux go build -o renewer/step github.com/smallstep/cli/cmd/step GOOS=linux go build -o renewer/step github.com/smallstep/cli/cmd/step
build: build-nginx build-ca build-renewer build: build-nginx build-ca build-renewer
build-nginx: build-nginx:
docker build -t nginx-test:latest nginx docker build -t nginx-test:latest nginx
build-ca: build-ca:
@ -21,3 +20,6 @@ down:
inspect: inspect:
step certificate inspect https://localhost:4443 --insecure step certificate inspect https://localhost:4443 --insecure
.PHONY: all binaries up down inspect
.PHONY: build build-nginx build-ca build-renewer


@ -1,2 +1,2 @@
# min hour day month weekday command # min hour day month weekday command
* * * * * rm -f /var/local/step/site-new.crt && step ca renew --out /var/local/step/site-new.crt /var/local/step/site.crt /var/local/step/site.key && mv /var/local/step/site-new.crt /var/local/step/site.crt * * * * * step ca renew --force /var/local/step/site.crt /var/local/step/site.key
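Review bot: The new entry overwrites `/var/local/step/site.crt` in place, whereas the old one wrote `site-new.crt` and then `mv`'d it over the live file, so the atomic swap is gone. Whether a process reading the certificate from the shared volume can now see a partially written file depends on how `step ca renew --force` writes its output, which this page does not show; worth confirming. Nothing on this line captures the command's output or exit status either, so a renewal that starts failing would presumably go unnoticed until the certificate expires. I would add a comment above the entry, for example `# --force overwrites site.crt in place without prompting; consumers must reload after renewal`, and redirect the output to a log the container surfaces.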


@ -3,16 +3,16 @@
# Wait for CA # Wait for CA
sleep 5 sleep 5
if [ ! -f /var/local/step/root_ca.crt ]; then # Clean old certificates
rm -f /var/local/step/root_ca.crt
rm -f /var/local/step/site.crt /var/local/step/site.key
# Donwload the root certificate # Donwload the root certificate
step ca root /var/local/step/root_ca.crt step ca root /var/local/step/root_ca.crt
fi
if [ ! -f /var/local/step/site.crt ]; then
# Get token # Get token
STEP_TOKEN=$(step ca token $COMMON_NAME) STEP_TOKEN=$(step ca token $COMMON_NAME)
# Donwload the root certificate # Donwload the root certificate
step ca certificate --token $STEP_TOKEN $COMMON_NAME /var/local/step/site.crt /var/local/step/site.key step ca certificate --token $STEP_TOKEN $COMMON_NAME /var/local/step/site.crt /var/local/step/site.key
fi
exec "$@" exec "$@"
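Review bot: With the `if [ ! -f … ]` guards removed, every start deletes `root_ca.crt`, `site.crt` and `site.key` before requesting new ones, and nothing in the hunk stops the script when `step ca root`, `step ca token` or `step ca certificate` fails. If the CA is not reachable after `sleep 5`, the container therefore reaches `exec "$@"` with no certificate or key at all. Unless the lines above the hunk already do so, add `set -eu` near the top so a failed enrollment aborts the start instead of launching the service without its TLS files. `$COMMON_NAME` and `$STEP_TOKEN` are also expanded unquoted; `step ca certificate --token "$STEP_TOKEN" "$COMMON_NAME" …` avoids word splitting. The script starts before the hunk, so its shebang and any existing shell options are not visible here.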