upload of certificate is working, but is not applied automatically #15
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Generate and Upload SSL Certificate | |
| on: | |
| push: | |
| branches: | |
| - feature/fg-137 | |
| workflow_dispatch: | |
| jobs: | |
| generate-and-upload-cert: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v2 | |
| - name: Log in to Azure | |
| uses: azure/login@v1 | |
| with: | |
| creds: ${{ secrets.AZURE_CREDENTIALS }} | |
| - name: Install Certbot and Domeneshop DNS plugin | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y python3-pip | |
| pip3 install certbot certbot-dns-domeneshop | |
| - name: Generate SSL certificate with Certbot (DNS-01 challenge) | |
| env: | |
| DOMAIN: backend.masus.no | |
| DOMAIN_ALTERNATE: www.backend.masus.no | |
| CERTBOT_EMAIL: [email protected] | |
| DNS_PROVIDER_CREDENTIALS: ${{ secrets.DOMENESHOP_CREDENTIALS }} | |
| PFX_PASSWORD: ${{ secrets.PFX_PASSWORD }} | |
| run: | | |
| echo "$DNS_PROVIDER_CREDENTIALS" > /tmp/domeneshop_credentials.ini | |
| chmod 600 /tmp/domeneshop_credentials.ini | |
| certbot certonly \ | |
| --authenticator dns-domeneshop \ | |
| --dns-domeneshop-credentials /tmp/domeneshop_credentials.ini \ | |
| --dns-domeneshop-propagation-seconds 120 \ | |
| --email $CERTBOT_EMAIL --agree-tos -n \ | |
| -d $DOMAIN -d $DOMAIN_ALTERNATE \ | |
| --config-dir /tmp/certbot/config \ | |
| --work-dir /tmp/certbot/work \ | |
| --logs-dir /tmp/certbot/logs | |
| openssl pkcs12 -export -out cert.pfx \ | |
| -inkey /tmp/certbot/config/live/$DOMAIN/privkey.pem \ | |
| -in /tmp/certbot/config/live/$DOMAIN/fullchain.pem \ | |
| -passout pass:$PFX_PASSWORD | |
| - name: Upload certificate to Azure Application Gateway | |
| env: | |
| AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| AZURE_RESOURCE_GROUP: hilfling-backend_group | |
| AZURE_APPLICATION_GATEWAY_NAME: hilfling-gateway | |
| PFX_PASSWORD: ${{ secrets.PFX_PASSWORD }} | |
| run: | | |
| az network application-gateway ssl-cert create \ | |
| --resource-group $AZURE_RESOURCE_GROUP \ | |
| --gateway-name $AZURE_APPLICATION_GATEWAY_NAME \ | |
| --name app-gateway-cert \ | |
| --cert-file cert.pfx \ | |
| --cert-password $PFX_PASSWORD |