Certbot
Use Certbot to automatically update TLS Certificates on OpenShift Routes.
Update: As of August 2023, Entrust (the only approved certificate provider for BC Gov production environments) has discontinued support for Certbot. Currently, Certbot cannot be used to manage your Entrust certificates.
Feature List
- Can utilize https://letsencrypt.org/ or another ACME-compliant Certificate Authority for issuing certificates
- Leverages and extends https://certbot.eff.org/ for managing (create/renew) certificates
- Should only be executed on OpenShift Container Platform
- Creates an OpenShift CronJob which will run on a regular schedule for renewing TLS certificates
- If a certificate is created/renewed, patches the new certificate onto the managed OpenShift Routes
Self-hosted
If you want to deploy your own version of Certbot, you can start by:
- Reading the project README file to learn about what you’ll need
Connecting with the Common Service Showcase team
We are always interested in learning which features we should add next. If you have a suggestion, you can reach out to us through:
- Rocket.Chat: developer support on our channel #nr-common-services-showcase
- Email: nr.commonserviceshowcase@gov.bc.ca
DockerHub @bcgovimage
Finding and sharing container images (software components you can deploy and host) with your team and the Docker community
Certbot Images
Certbot
This image provides an automated way of managing TLS certificates and updating them on OpenShift Routes.
https://hub.docker.com/r/bcgovimages/certbot/