For the past few months I’ve been spending some spare time working on an ACME client and certificate manager – Peter SSLers (or how I stopped worrying and learned to love the SSL certificate).
Peter is unfinished, but the basic functionality is complete and has test coverage. The more advanced functionality is not yet complete, but the general API is ironed out and stable enough to finally share.
Peter offers an ACME client that runs via a small Pyramid (Python) based webserver. Certificates are stored in an RDBMS (by default SQLite is used, but SQLAlchemy is the backing ORM, so almost any database can be used. I personally use PostgreSQL.)
All certificates and keys managed by Peter are decoded and regexed into searchable fields. Most operations are logged into the RDBMS for easy tracking. Peter quickly tells you which certificates or domains need renewal, and everything is cross-referenced.
Peter does a lot of dangerous things and offers no security by design. There are many warnings about this.
Peter is not designed for use in the context of a single webserver or a small number of domains, but is aimed at advanced users who need to manage hundreds of domains or multiple servers within a private LAN. The goal of Peter is to lend a service-oriented approach to certificate management and deployment. By centrally managing your SSL certificates, you can easily deploy them to multiple servers. Peter also offers a reference implementation against the ssl_certificate_by_ hooks on the OpenResty platform, allowing nginx to dynamically query for SSL certificates as needed, and caching them into nginx and Redis if desired.
The first pre-release is available via GitHub under the MIT license: https://github.com/aptise/peter_sslers
Comments and Pull Requests are always welcome.