Giter VIP home page Giter VIP logo

netscaler-certbot-hook's Introduction

netscaler-certbot-hook

This is a small script for installing and updating ssl certificates (e.g. from Letsencrypt) on a Citrix NetScaler.

Use it in combination with the DNS-01 challenge to fully automate the renewal process for your Letsencrypt certificates on your Citrix NetScaler ADC.

Architecture

Architecture

Usage

-bash# python3 netscaler-certbot-hook.py 
usage: netscaler-certbot-hook.py [-h] --name <string> [--chain <string>]
                                 [--cert <file>] [--privkey <file>]
                                 [--chain-cert <file>]
netscaler-certbot-hook.py: error: the following arguments are required: --name

Enroll an letsencrypt certificate via certbot

For example using Cloudflare DNS.

certbot --text --agree-tos --non-interactive certonly \
  --cert-name 'lauger.de' \
  -d 'lauger.de' \
  -d 'www.lauger.de' \
  -a dns-cloudflare \
  --dns-cloudflare-credentials /etc/letsencrypt/cloudflare.ini \
  --keep-until-expiring

Run netscaler-certbot-hook

Set the required environment variables.

export NS_URL=https://192.168.10.10
export NS_LOGIN=nsroot
export NS_PASSWORD=nsroot

Run script and push certificate to your NetScaler.

python3 netscaler-certbot-hook.py --name lauger.de

By default, the script assumes your certificate in /etc/letsencrypt/live. If your certificate is stored somewhere else, just set --cert, --privkey and --chain-cert to your custom certificate path.

python3 netscaler-certbot-hook.py --name lauger.de \
  --cert /etc/letsencrypt/live/lauger.de/cert.pem \
  --privkey /etc/letsencrypt/live/lauger.de/privkey.pem \
  --chain-cert /etc/letsencrypt/live/lauger.de/chain.pem

Example Output

Inital setup

-bash# python3 netscaler-certbot-hook.py --name lauger.de
chain certificate letsencrypt not found
uploading chain certificate as letsencrypt-1581896753.crt
installing chain certificate with serial 13298795840390663119752826058995181320
certificate lauger.de not found
uploading certificate as lauger.de-1581896753.crt
uploading private key as lauger.de-1581896753.key
installing certificate with serial 409596789458967997345847308430335698529007

Update check

-bash# python3 netscaler-certbot-hook.py --name lauger.de
chain certificate letsencrypt found with serial 13298795840390663119752826058995181320
installed chain certificate matches our serial - nothing to do
certificate lauger.de found with serial 409596789458967997345847308430335698529007
installed certificate matches our serial - nothing to do

Authors

netscaler-certbot-hook's People

Contributors

slauger avatar sniner avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar

Forkers

sniner vmcitrix claymanjw

netscaler-certbot-hook's Issues

NS_VERIFY_SSL=False but OSError: Could not find a suitable TLS CA certificate bundle

Hello,

I try to get your script working against an ADC with a self-signed certificate on the management interface. So I have set the
NS_VERIFY_SSL=False
environment variable.

I still receive a SSL verification error:

root@743e48f4ce71:/app# python3 ./netscaler-certbot-hook/netscaler-certbot-hook.py --name dummy.tld
chain certificate letsencrypt not found
uploading chain certificate as letsencrypt-1617819297.crt
Traceback (most recent call last):
File "/app/./netscaler-certbot-hook/netscaler-certbot-hook.py", line 229, in
nitro_upload(nitro_client, chain_file, '{}-{}.crt'.format(args.chain, timestamp))
File "/app/./netscaler-certbot-hook/netscaler-certbot-hook.py", line 86, in nitro_upload
return nitro_client.request(
File "/app/netscaler-certbot-hook/nitro.py", line 57, in request
self._result = method_callback(
File "/usr/local/lib/python3.9/site-packages/requests/api.py", line 119, in post
return request('post', url, data=data, json=json, **kwargs)
File "/usr/local/lib/python3.9/site-packages/requests/api.py", line 61, in request
return session.request(method=method, url=url, **kwargs)
File "/usr/local/lib/python3.9/site-packages/requests/sessions.py", line 542, in request
resp = self.send(prep, **send_kwargs)
File "/usr/local/lib/python3.9/site-packages/requests/sessions.py", line 655, in send
r = adapter.send(request, **kwargs)
File "/usr/local/lib/python3.9/site-packages/requests/adapters.py", line 416, in send
self.cert_verify(conn, request.url, verify, cert)
File "/usr/local/lib/python3.9/site-packages/requests/adapters.py", line 227, in cert_verify
raise IOError("Could not find a suitable TLS CA certificate bundle, "
OSError: Could not find a suitable TLS CA certificate bundle, invalid path: False

Any chance to disable certificate validation entirely?

Best Regards,
Busch

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.