npm - certops - Versions diffs - 1.0.6 → 1.0.7 - Mend

certops 1.0.6 → 1.0.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/README.md +131 -0
package/package.json +1 -1

package/README.md ADDED Viewed

@@ -0,0 +1,131 @@
+# certops
+CLI for managing and auto-renewing SSL certificates from the [SSL Pilot](https://ssl-manager.dcom.at) platform.
+## Install
+```bash
+npm install -g certops
+```
+## Requirements
+- Node.js 18+
+- An SSL Pilot API key (`sslpilot_...`) from your dashboard
+## Quick start
+```bash
+# Set your API key
+export CERTOPS_API_KEY='sslpilot_...'
+# List certificates
+certops list
+# Download a certificate (interactive picker)
+sudo certops download
+# Download a specific domain
+sudo certops download '*.example.com'
+# Download by ID
+sudo certops download --id <cert-id>
+```
+## Commands
+### `certops list`
+Lists all certificates in your organisation with status and expiry.
+### `certops download [certName]`
+Downloads a certificate to `/etc/certops/<domain>/` in certbot-compatible format:
+```
+/etc/certops/<domain>/
+├── fullchain.pem   # cert + chain
+├── cert.pem        # leaf cert only
+├── chain.pem       # intermediate chain
+└── privkey.pem     # private key (chmod 600)
+```
+Requires root (`sudo`).
+Options:
+- `-i, --id <id>` — download by certificate ID
+### `certops service install`
+Installs and configures a systemd background service that monitors certificates and auto-renews them before expiry.
+```bash
+sudo -E certops service install
+```
+### `certops service <status|start|stop|uninstall|check>`
+Manage the background renewal service.
+```bash
+certops service status
+sudo certops service start
+sudo certops service stop
+sudo certops service check        # run one renewal cycle now
+sudo certops service uninstall
+journalctl -u certops -f          # follow logs
+```
+## Auto-renewal service
+The service polls your SSL Pilot account, checks local expiry state, and re-downloads certificates approaching expiry. Hook scripts in `/etc/certops/hooks/` run after each download.
+**Hook environment variables:**
+| Variable | Value |
+|----------|-------|
+| `SSL_PILOT_CERT_NAME` | Certificate name |
+| `SSL_PILOT_DOMAIN` | Domain (certName from API) |
+| `SSL_PILOT_FULLCHAIN_PATH` | Path to `fullchain.pem` |
+| `SSL_PILOT_CERT_PATH` | Path to `cert.pem` |
+| `SSL_PILOT_CHAIN_PATH` | Path to `chain.pem` |
+| `SSL_PILOT_KEY_PATH` | Path to `privkey.pem` |
+**Example hook** (`/etc/certops/hooks/example.com.sh`):
+```bash
+#!/usr/bin/env bash
+systemctl reload nginx
+```
+## File layout
+```
+/etc/certops/
+  config.json          # service configuration
+  state.json           # local expiry cache
+  hooks/
+    global.sh          # runs after every download
+    example.com.sh     # runs after example.com downloads
+  example.com/
+    fullchain.pem
+    cert.pem
+    chain.pem
+    privkey.pem
+```
+## Configuration (`/etc/certops/config.json`)
+| Field | Default | Description |
+|-------|---------|-------------|
+| `renewalThresholdDays` | `5` | Days before expiry to trigger renewal |
+| `checkIntervalHours` | `12` | How often the daemon checks |
+| `watchDomains` | `[]` | Domains to watch (empty = all active) |
+| `maxDownloadRetries` | `3` | Per-cert retry count on failure |
+| `apiUrl` | ssl-manager.dcom.at | Custom API base URL |
+## Update
+```bash
+npm install -g certops@latest
+```

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "certops",
-  "version": "1.0.6",
+  "version": "1.0.7",
   "description": "SSL Pilot CLI — download and manage your SSL certificates",
   "type": "module",
   "files": [