Clever-clever automated certificate download
Introduction
A client of mine needs some proper automation on his server. It’s a modest little container-based thing that runs a LAMP stack which powers a few tens of websites. I faced the prospect, for each website that was added to the server, of making the necessary changes to the vhosts configuration, adding sites to the SAN certificate they have, and so on. The manual way of doing this, would be something like:
- Download the cert + bundle *.zip to my laptop
- Unzip the file
- Rename the certs if necessary
- Upload the certs to the server
- Concatenate the certs if necessary
- Blah blah blah
- …
- Profit!
This is quite a bit of stuff that needs to be remembered every time, so it’s a perfect candidate for automation.
It turns out that this client’s certificate provider, GoDaddy, exposes a well-documented REST API to the rest of the internet. One of the services provided by this API is the...