From b94e2d71cd8f10890ad6767f659f575fe8652b39 Mon Sep 17 00:00:00 2001 From: Reinholds Zviedris Date: Tue, 30 Jun 2020 16:33:49 +0300 Subject: [PATCH 1/2] added code to handle traefik 2.x acme.json --- extractor.py | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/extractor.py b/extractor.py index 72a78c9..a8a2456 100644 --- a/extractor.py +++ b/extractor.py @@ -89,6 +89,15 @@ def createCerts(args): # Read JSON file data = json.loads(open(args.certificate).read()) + # Determine Traefik version, extract data dictonary + key = 'Account' + if not key in data: + root_key = list(data.keys())[0] + data = data[root_key] + traefik_version = 2 + else: + traefik_version = 1 + # Determine ACME version acme_version = 2 if 'acme-v02' in data['Account']['Registration']['uri'] else 1 @@ -107,11 +116,19 @@ def createCerts(args): privatekey = c['Certificate']['PrivateKey'] fullchain = c['Certificate']['Certificate'] sans = c['Domains']['SANs'] - elif acme_version == 2: + elif acme_version == 2 and traefik_version == 1: name = c['Domain']['Main'] privatekey = c['Key'] fullchain = c['Certificate'] sans = c['Domain']['SANs'] + elif acme_version and traefik_version == 2: + name = c['domain']['main'] + privatekey = c['key'] + fullchain = c['certificate'] + if 'sans' in c['domain'] + sans = c['domain']['sans'] + else: + sans = None if (args.include and name not in args.include) or (args.exclude and name in args.exclude): continue From 84cfb31bf286811125ce941963806b76899af560 Mon Sep 17 00:00:00 2001 From: Reinholds Zviedris Date: Tue, 30 Jun 2020 16:45:06 +0300 Subject: [PATCH 2/2] finished upgrade to support traefik v2 acme.json --- LICENSE.md | 2 +- README.md | 2 +- extractor.py | 2 +- start_extractor.bash | 7 +++++++ 4 files changed, 10 insertions(+), 3 deletions(-) create mode 100755 start_extractor.bash diff --git a/LICENSE.md b/LICENSE.md index 014c02d..7aa5fcc 100644 --- a/LICENSE.md +++ b/LICENSE.md @@ -1,6 +1,6 @@ MIT License -Copyright (c) 2018 Daniel Huisman +Copyright (c) 2018 Daniel Huisman, (c) 2020 Reinholds Zviedris Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/README.md b/README.md index 6c12693..b0e86ff 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # Traefik Certificate Extractor -Tool to extract Let's Encrypt certificates from [Traefik](https://traefik.io/)'s ACME storage file. Can automatically restart containers using the Docker API. +Tool to extract Let's Encrypt certificates from [Traefik](https://traefik.io/)'s ACME storage file. Compatible with Traefik v1 and v2. Can automatically restart containers using the Docker API. Originaly developed by [Daniel Huisman](https://github.com/DanielHuisman/traefik-certificate-extractor) and improved by [Marc Brückner](https://github.com/SnowMB). diff --git a/extractor.py b/extractor.py index a8a2456..b70dd9e 100644 --- a/extractor.py +++ b/extractor.py @@ -125,7 +125,7 @@ def createCerts(args): name = c['domain']['main'] privatekey = c['key'] fullchain = c['certificate'] - if 'sans' in c['domain'] + if 'sans' in c['domain']: sans = c['domain']['sans'] else: sans = None diff --git a/start_extractor.bash b/start_extractor.bash new file mode 100755 index 0000000..0ae2766 --- /dev/null +++ b/start_extractor.bash @@ -0,0 +1,7 @@ +#!/usr/bin/bash + +docker run --name extractor -d \ + -v /opt/traefik:/app/data \ + -v ${PWD}/certs:/app/certs \ + -v /var/run/docker.socket:/var/run/docker.socket \ + estivadorio/traefik-certificate-extractor