diff --git a/.github/workflows/get-certificate-in-azure.yml b/.github/workflows/get-certificate-in-azure.yml
index d3ec224..1f0dede 100644
--- a/.github/workflows/get-certificate-in-azure.yml
+++ b/.github/workflows/get-certificate-in-azure.yml
@@ -22,36 +22,35 @@ jobs:
 - name: Install Certbot and the Domeneshop DNS plugin
 run: |
 sudo apt-get update
- sudo apt-get install -y python3-pip
- sudo apt-get install -y python3-dev
- pip3 install certbot
- pip3 install certbot-dns-domeneshop # Ensure the DNS plugin is installed
+ sudo apt-get install -y python3-pip python3-dev
+ pip3 install certbot certbot-dns-domeneshop
 - name: Generate SSL certificate with Certbot (DNS-01 challenge)
 env:
 DOMAIN: backend.masus.no
- DOMAIN_ALTERNATE: www.backend.masus.no # Optional: if you want to include an additional domain (e.g., www)
+ DOMAIN_ALTERNATE: www.backend.masus.no
 CERTBOT_EMAIL: fg-web@samfundet.no
- DNS_PROVIDER_CREDENTIALS: ${{ secrets.DOMENESHOP_CREDENTIALS }} # Path to your credentials file in GitHub Secrets
+ DNS_PROVIDER_CREDENTIALS: ${{ secrets.DOMENESHOP_CREDENTIALS }}
 run: |
- # Create a temporary file for the credentials
 echo "$DNS_PROVIDER_CREDENTIALS" > /tmp/domeneshop_credentials.ini
+ chmod 600 /tmp/domeneshop_credentials.ini
- # Run Certbot with DNS-01 challenge using Domeneshop
+ # Run Certbot with DNS-01 challenge
 certbot certonly \
 --authenticator dns-domeneshop \
 --dns-domeneshop-credentials /tmp/domeneshop_credentials.ini \
 --dns-domeneshop-propagation-seconds 120 \
 --email $CERTBOT_EMAIL --agree-tos -n \
- -d $DOMAIN \
- -d $DOMAIN_ALTERNATE \
+ -d $DOMAIN -d $DOMAIN_ALTERNATE \
 --config-dir /tmp/certbot/config \
 --work-dir /tmp/certbot/work \
 --logs-dir /tmp/certbot/logs
- # Export the certificate to a .pfx file
- openssl pkcs12 -export -out cert.pfx -inkey /etc/letsencrypt/live/$DOMAIN/privkey.pem \
- -in /etc/letsencrypt/live/$DOMAIN/fullchain.pem -passout pass:$PFX_PASSWORD
+ # Use Certbot's generated files for the .pfx file
+ openssl pkcs12 -export -out cert.pfx \
+ -inkey /tmp/certbot/config/live/$DOMAIN/privkey.pem \
+ -in /tmp/certbot/config/live/$DOMAIN/fullchain.pem \
+ -passout pass:$PFX_PASSWORD
 - name: Upload certificate to Azure Application Gateway
 env:
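Review bot: The new `-passout pass:$PFX_PASSWORD` line hands the export password to openssl as a command-line argument, and PFX_PASSWORD is not among this step's `env:` entries in the hunk (it only appears on the Upload step), so unless it is defined at job or workflow level outside the hunk the .pfx is exported with an empty password. Add `PFX_PASSWORD: ${{ secrets.PFX_PASSWORD }}` to this step's env and change the line to `-passout env:PFX_PASSWORD` so openssl reads the value from the environment rather than argv. The credentials file is also created by `echo "$DNS_PROVIDER_CREDENTIALS" > /tmp/domeneshop_credentials.ini` under the default umask before the added `chmod 600` runs; writing it as `(umask 077; echo "$DNS_PROVIDER_CREDENTIALS" > /tmp/domeneshop_credentials.ini)` creates it with restricted permissions from the start and makes the separate chmod unnecessary.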
@@ -60,7 +59,6 @@ jobs:
 AZURE_APPLICATION_GATEWAY_NAME: hilfling-gateway
 PFX_PASSWORD: ${{ secrets.PFX_PASSWORD }}
 run: |
- # Upload certificate to Azure Application Gateway
 az network application-gateway ssl-cert create \
 --resource-group $AZURE_RESOURCE_GROUP \
 --gateway-name $AZURE_APPLICATION_GATEWAY_NAME \