This program installs Let's Encrypt SSL certificates into Acquia environments.
It requires Python 3.x and the Python Acquia Cloud API v2 library with the SSL management patch applied.
The program looks in /etc/acai.conf and ~/.acai.conf for environment definitions. The config files are in INI format. Each environment is its own section in the config file, and the DEFAULT section provides global values that can be overridden in a section.
Example:

```ini
[DEFAULT]
acquia_environment=prod
api_key=a26a25ad-69fb-4348-a7ac-bdd0a60849af
api_secret=TW9zdCBzZWN1cmUgcGFzc3dvcmQgaXMgPGVudGVyPi4=
application=7eff4747-4733-4070-9002-353c1dcdd090

[my-app.dev]
cert_name=myapp.bxdev.net
acquia_environment=dev

[my-app.stage]
cert_name=myapp.bxstage.net
acquia_environment=test

[another-app.prod]
application=7eff4747-4733-4070-9002-353c1dcdd090
api_key=070bdfe5-d106-40b0-a110-4882d8929669
api_secret=VmFjaGVzIGJsZXVlcyBsZSBtYXRpbiwgY2jDqXJpZS4=
cert_name=stage.another-app.com
acquia_environment=prod
```
- The INI section name (e.g., `my-app.dev`) is only used by the acai.py app, and does not need to map to anything at Acquia or the site's hostname.
- The `api_key` and `api_secret` are generated in your Acquia account. See the Acquia documentation for details.
- The `cert_name` is the directory `/etc/letsencrypt/live/[cert_name]` that contains the cert, key, and chain.
- The `application` is the Application UUID. You can find this by logging into Acquia Cloud and clicking "Product Keys" on the left. It is also in the URL for your dashboard: `https://cloud.acquia.com/a/applications/[application-uuid]/`.
- The `acquia_environment` is the name of the environment at Acquia, typically one of `dev`, `test`, `prod` or `ra`.
- The `/etc/acai.conf` and `~/.acai.conf` files contain the API key and secret, so they should have restrictive permissions.
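The following is an added example, written for this README and not taken from acai.py itself, showing how the environment definitions described above can be loaded with Python's standard `configparser`: the `DEFAULT` section supplies fallbacks, a named section overrides them, later config files override earlier ones, and the file mode is checked before the credentials are used. The sample config, the function names and the 0600-only permission rule are assumptions made for the example; the README only says the files should be "restrictive".

```python
"""Added example: load acai-style INI environment definitions.

Illustrative code for this README, not acai.py's own implementation.
It mirrors the layout the README describes: a DEFAULT section with
global values and one section per environment that may override them.
"""
import configparser
import os
import stat
import tempfile

# Constructed sample config in the README's layout (all values are fake).
SAMPLE_CONFIG = """
[DEFAULT]
acquia_environment=prod
api_key=00000000-0000-0000-0000-000000000000
api_secret=c2FtcGxlLXNlY3JldA==
application=11111111-1111-1111-1111-111111111111

[my-app.dev]
cert_name=myapp.bxdev.net
acquia_environment=dev

[another-app.prod]
api_key=22222222-2222-2222-2222-222222222222
cert_name=stage.another-app.com
"""

# Keys every environment must resolve to, either directly or via DEFAULT.
REQUIRED_KEYS = ("api_key", "api_secret", "application", "cert_name", "acquia_environment")

# Hypothetical convention for the example: where certbot keeps live certs.
LIVE_DIR = "/etc/letsencrypt/live"


def check_permissions(path):
    """Return True if `path` grants no access to group or others.

    The file holds API credentials, so this example treats anything
    beyond owner-only access (e.g. 0644) as unacceptable.
    """
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return mode & (stat.S_IRWXG | stat.S_IRWXO) == 0


def load_environment(section, config_paths):
    """Resolve the settings for one INI section.

    configparser applies DEFAULT values as fallbacks for any key a
    section does not set, which is exactly the override behaviour the
    README describes. Paths that do not exist are skipped; when several
    exist, later files override earlier ones.
    """
    # interpolation=None: secrets may contain '%' and must be taken verbatim.
    parser = configparser.ConfigParser(interpolation=None)
    found = parser.read(config_paths)
    if not found:
        raise FileNotFoundError(f"no config file found among {list(config_paths)}")
    if not parser.has_section(section):
        raise KeyError(f"section [{section}] not defined in {found}")
    # has_option() is true for keys inherited from DEFAULT as well.
    env = {k: parser.get(section, k) for k in REQUIRED_KEYS if parser.has_option(section, k)}
    missing = [k for k in REQUIRED_KEYS if k not in env]
    if missing:
        raise ValueError(f"[{section}] is missing {missing}")
    env["cert_dir"] = os.path.join(LIVE_DIR, env["cert_name"])
    return env


def write_sample(mode=0o600):
    """Write SAMPLE_CONFIG to a temp file with the given mode; return its path."""
    fd, path = tempfile.mkstemp(suffix=".conf")
    with os.fdopen(fd, "w") as fh:
        fh.write(SAMPLE_CONFIG)
    os.chmod(path, mode)
    return path


if __name__ == "__main__":
    conf = write_sample()
    print("permissions ok:", check_permissions(conf))
    # A missing first path is harmless: it is simply skipped.
    for name in ("my-app.dev", "another-app.prod"):
        env = load_environment(name, ["/nonexistent/acai.conf", conf])
        print(name, env["acquia_environment"], env["api_key"], env["cert_dir"])
```

Run it as-is and it writes a 0600 temp file, loads both sections and prints the resolved values; `my-app.dev` inherits its credentials from `DEFAULT` while `another-app.prod` keeps its own `api_key` but inherits `api_secret` and `application`.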
With the environments defined, the certs can be installed by running acai.py with the name of the environment's INI section to update. For example, to update the dev environment in the my-app application, use:

```
# acai.py my-app.dev
```

The program doesn't have to run as root. It only needs to be able to read the Let's Encrypt certs (typically owned by root) and the /etc/acai.conf file to fetch the Acquia API credentials.
This can be set up as a renewal hook triggered by certbot by editing /etc/letsencrypt/renewal/[cert_name].conf and adding a renew_hook to the [renewalparams] section:

```ini
[renewalparams]
renew_hook = /usr/bin/acai.py my-app.dev
```